With the enforcement of the cloud-outsourcing regulation, you as a compliance officer may find yourself in the middle of a legal jungle with minimal clarity and lack of direction. Together with the leading experts in the field of cloud-outsourcing we have developed a seamless solution based on best practice, giving you clarity, overview and actionable steps.
Define, monitor and document all your outsourcing arrangements in one place to eliminate inefficient work across Excel sheets.
We have turned the executive order of outsourcing into a clear and structured questionnaire that reflects the requirements of the Outsourcing Executive Order.
Once you are compliant, we’ll assist you in maintaining your controls by automating them, taking the manual burden off your shoulders.
All your needs in a seamless solution
At the beginning of 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new cloud outsourcing guidelines. These will result in a new or revised Outsourcing Executive Order for insurance companies and pension funds.
Once the final draft of the new executive order for pension and insurance organizations has been finalized, RISMA will be ready with a solution that can help you with your compliance. This solution will also take the existing outsourcing requirements of the Solvency II Regulation into account.
The guidelines from EIOPA are very similar to the rules in the Outsourcing Executive Order for banks, etc. Therefore, the EIOPA solution will, overall, follow the same system as our EBA outsourcing solution. This means that organizations that are subject to both ‘EBA’ and ‘EIOPA’ guidelines will be able to use the same solution to handle all the organization’s outsourcing arrangements.
In addition to that, it also means that when you book a demo of our EBA guidelines solution, you will get a really good insight into how RISMA’s solution can be used to handle your work with the Outsourcing requirements – even though you are an insurance or pension organization.
In collaboration with IT and outsourcing experts from Plesner Advokatpartnerselskab, we have developed an outsourcing solution that can help your organization ensure compliance with the Outsourcing Executive Order for financial organizations such as banks, investment companies, etc.
In short, our outsourcing solution is designed to help you become compliant through guidance and a set of practical tasks. For instance, the experts from Plesner have transformed the entire executive order into questions and contributed content to the gap analysis tool, the assessment tool, action plans, and the control catalog.
The outsourcing solution also ensures that you have a complete overview of all employees’ tasks across departments and systems.
You can map and get an overview of the scope of the organization's outsourcing work, including suppliers, systems, and policies.
Through a clear and structured questionnaire that reflects the many requirements of the Outsourcing Executive Order, you and your colleagues collect relevant information about each outsourcing event.
The solution will support your assessments, including whether the outsourcing arrangement is important or critical. The gap analysis can show whether, for example, risk assessments performed are in accordance with the Executive Order.
You get an overview of which areas require mitigating actions. You can also monitor your efforts and maintain your compliance with ongoing controls of, for instance, suppliers.
Generate relevant reports at any time to document your efforts to relevant stakeholders. For example, you can extract the statutory register of outsourcing arrangements to the Danish FSA.
Our outsourcing solution is developed with an intuitive user interface, making it easy to work with. However, this does not preclude the need for good help to ensure optimal implementation in the organization.
To get the best possible start, our Customer Success team is ready to help your organization get started with a well-organized process. You also have the possibility of receiving ongoing support, so you get the most out of using our solution.
Power your organisation by connecting data, teams, action and reporting in an integrated GRC platform.
Whether you deploy one, two, or all our solutions, the RISMA GRC platform provides great value by boosting collaboration, increasing visibility, and saving time for everyone involved.
The outsourcing requirements cover a wide range of obligations. Below are just a few of the essential aspects:
The new outsourcing rules also include requirements for outsourcing arrangements that are not important or critical.
You need to:
Previously, it has been customary for financial companies to handle their outsourcing arrangements in Excel and other systems. However, the new outsourcing requirements impose far more restrictions for each outsourcing arrangement – including arrangements that are defined as non-important or non-critical.
This also includes stricter requirements for documentation of all assessments you make. In addition to this, you also need to provide information from your new register in an electronically readable format to the Danish Financial Supervisory Authority.
Read the outsourcing guidelines that reflect EBA's guidelines.
At the same time, it has become clear that you need to have more active control of your suppliers - both to comply with the outsourcing rules and GDPR.
Many users find that the ability to document, record, and monitor outsourcing arrangements becomes less complex and more accurate when they choose to get a system that supports their outsourcing management.
Additionally, you ensure that the entire organization can collaborate on the individual arrangement. For instance, it is often necessary to involve procurement, risk, IT security, law, etc. in the process and contact arrangement if changes occur in your organization.
Yes, RISMA's outsourcing solution allows you to meet the registry requirements for both regular outsourcing and important or critical outsourcing arrangements.
The solution allows you to hand over the register in an electronically readable form to the Danish Financial Supervisory Authority, which is a requirement according to the new outsourcing notice.