Apparity helps German companies comply with EUC control requirements for BaFin’s various IT and information security regulations: BAIT, KAIT and VAIT.
BaFin IT & Information Security Requirements
Germany’s Federal Financial Supervisory Authority, BaFin, has issued requirements relating to information security and information technology for various financial service sectors. VAIT, KAIT and BAIT apply to insurers and reinsurers, asset management and banks, respectively.
BaFin’s EUC Requirements
VAIT, KAIT and BAIT include a number of requirements related to end user computing (EUC) applications like Excel spreadsheets. These requirements can be mapped directly to an EUC controls framework/policy. At a high level, these requirements may be grouped into four categories:
- Inventory – The ability to create and maintain a risk-based inventory of EUC applications.
- Version Control – The ability to enforce and monitor varying levels of change/release (version) control based on the risk classification of the EUC application.
- Change Management – The ability to monitor EUC applications to identify unauthorized changes and facilitate approval workflows.
- Access Control – The ability to control and limit access to critical EUC applications and those which contain confidential or personally identifiable information (PII).
Apparity EUC Controls for BaFin Compliance
Apparity’s EUC governance platform was designed to manage and control EUC applications within highly regulated industries. Our standard functionality allows German companies to automate and evidence all of the EUC-specific requirements of VAIT/KAIT/BAIT.
- Discovery Module:
Automatically create and maintain an inventory of EUC files, including key file details.
- Structural Complexity Algorithm:
Determine the complexity of each identified file using custom evaluation parameters.
- Registration Module:
Qualitative assessment of file impact to capture relevant data from file owners. Enables a risk-based inventory based on both complexity and business impact.
- Model Map Explorer (MME):
Visually chart connections between discovered files. Provides a clearer understanding of upstream & downstream data lineage.
Automatically capture and track all file copies while allowing user comments to enable collaboration and audit trails.
- Version History:
View, export and restore a file to a previous version or copy of a file.
- Zero Loss Fingerprinting:
Monitored files are always tracked, regardless of where they are saved or how they are named. Ensures there are never ‘lost copies’ of a file.
- Change Logs:
Real-time and in-session view of all critical changes made to a file. Filtering and sorting helps identify potential mistakes or unauthorized changes.
- Noise Filtering:
Users only see critical changes that are relevant to them, configured against company EUC policy.
- Automated Review and Approval Workflow:
Ensures critical changes are properly signed off with included audit trails.
- File Access & Modification Reports:
Track and log all users who update critical files.
- Unexpected Change (Tamper) Warnings:
Flag any changes made by non-Apparity users who might be outside the controls framework.
- Automated PII identification:
Allows teams to understand which files have sensitive data that should not be accessible to broader audiences.