External audits refer to independent assessments conducted by an external certification body to evaluate an organization's Information Security Management System (ISMS) compliance with security standards like ISO 27001. These audits ensure impartiality and validate the organization's adherence to the standard's requirements, granting formal certification if all criteria are met.
Our risk managers, data protection experts, IT security & IT compliance officers comply with the following international regulations, standards, and requirements for data protection, IT compliance, and IT security:
- VAIT—the Supervisory Requirements for IT in Insurance Undertakings. It provides an interpretation of the legal requirements of section 23 of the German Insurance Supervision Act, describing what BaFin considers appropriate as technical and organizational resources for IT systems, especially requirements for information security and information risk management.
- GDPR—the General Data Protection Regulation (2016/679, "GDPR"), a European data protection law that sets guidelines and limitations for the collection and processing of personal information. This law applies to companies based in or conducting operations in the EU.
- ISO/IEC 27002:2022—the standard for information security, cybersecurity, and privacy protection. It provides guidelines for establishing and maintaining an information security management system and implementing information security controls.
- TISAX—the Trusted Information Security Assessment Exchange, an assessment and exchange mechanism for information security in the automotive industry. TISAX ensures the secure processing of information from business partners, protection of prototypes, and data protection under GDPR.

Munich Re Service GmbH undergoes regular external audits for ISO 27001 and TISAX. We have implemented guidelines and policies for information security, IT security, data privacy, and IT services. These apply to the external employees, user accounts, cloud tenants, network infrastructure, devices, and software licenses used to develop and operate the SaaS services.
For detailed information about our certifications, view the corresponding article.