On 6 February 2020, EIOPA published its Guidelines on outsourcing to cloud service providers (the Guidelines). The Guidelines will apply from 1 January 2021 to all cloud outsourcing arrangements entered into or amended on or after that date.
The Guidelines address a number of issues, including the following:
- what should be considered within the ‘scope’ of outsourcing to cloud service providers;
- governance of cloud outsourcing arrangements, including the requirement that thorough risk assessments be carried out when outsourcing any critical or important functions or activities (CIFA) to a cloud service provider;
- changes to the risk profile of the undertaking as a result of the outsourcing to a cloud service provider should be reflected in its Own Risk Solvency Statement (ORSA);
- papering of cloud outsourcing arrangements, including documenting the arrangement in a written agreement, updating the undertaking’s outsourcing policy and making notifications to the undertaking’s supervisory authority;
- due diligence of cloud outsourcing arrangements, including a set of criteria to be followed to assess whether a cloud outsourcing arrangement relates to a CIFA; and
- sub-outsourcing of CIFAs to cloud service providers.
The Guidelines will apply to both individual insurance and reinsurance undertakings and to groups as defined in the Solvency II Directive.