External audits refer to independent assessments conducted by an external certification body to evaluate an organization's Information Security Management System (ISMS) compliance with security standards like ISO 27001. These audits ensure impartiality and validate the organization's adherence to the standard's requirements, granting formal certification if all criteria are met.
Our risk managers, data protection experts, IT security & IT compliance officers comply with the following international regulations, standards, and requirements for data protection, IT compliance, and IT security:
- DORA—the Digital Operational Resilience Act (EU Regulation 2022/2554). It defines the regulatory requirements for ICT governance and digital operational resilience in the EU financial sector, outlining supervisory expectations for information security, ICT risk management, incident handling, and the oversight of ICT third-party service providers.
- GDPR—the General Data Protection Regulation (2016/679, "GDPR"), a European data protection law that sets guidelines and limitations for the collecting and processing of personal information. This law applies to companies based in or conducting operations in the EU.
- ISO/IEC 27002:2022—the standard for information security, cybersecurity, and privacy protection. It provides guidelines for establishing and maintaining an information security management system and implementing information security controls.
- TISAX—the Trusted Information Security Assessment Exchange is an assessment and exchange mechanism for the information security in the automotive industry. TISAX ensures the secure processing of information from business partners, protection of prototypes, and data protection under GDPR.
Munich Re Service GmbH undergoes regular external audits of ISO27001 and TISAX. We have implemented guidelines and policies for information security, IT security, data privacy, and IT services. This refers to external employees, user accounts, cloud tenants, network infrastructure, devices, and software licenses used to develop and operate the SaaS services.
For a detailed information about our certifications, view a corresponding article.