On 6 February 2020, EIOPA published its Guidelines on outsourcing to cloud service providers (the Guidelines). The Guidelines will apply from 1 January 2021 to all cloud outsourcing arrangements entered into or amended on or after that date.
The Guidelines address a number of issues, including, the following:
- what should be considered within the ‘scope’ of outsourcing to cloud service providers;
- governance of cloud outsourcing arrangements, including the requirement that thorough risk assessments be carried out when outsourcing any critical or important functions or activities (CIFA) to a cloud service provider;
- changes to the risk profile of the undertaking as a result of the outsourcing to a cloud service provider should be reflected in its Own Risk Solvency Statement (ORSA);
- papering of cloud outsourcing arrangements, including documenting the arrangement in a written agreement, updating the undertaking’s outsourcing policy and making notifications to the undertaking’s supervisory authority;
- due diligence of cloud outsourcing arrangements, including a set of criteria to be followed to assess whether a cloud outsourcing arrangement relates to a CIFA; and
- sub-outsourcing of CIFAs to cloud service providers.
The Guidelines will apply to both individual insurance and reinsurance undertakings and to groups as defined in the Solvency II Directive.
Recommended Insights
Article and Insights
8
Aug 2023
The Irish M&A market experienced a dip of 2% in the number of qualifying deals dur...

Partner
Stephen Keogh
Article and Insights
6
Sep 2023
Welcome to the September 2023 edition of our Asset Management & Investment Funds U...

Partner
Patricia Taylor
Article and Insights
21
Dec 2022
The Central Bank of Ireland highlights the key prudential risks that will inform i...

Partner
Eoin Caulfield
Article and Insights
27
Jan 2023
William Fry is pleased to celebrate the Council of Europe's annual Data Protection...

Senior Associate
Rachel Hayes
Article and Insights
17
Feb 2023
On 16 February 2023, the Central Bank published a Dear CEO Letter addressing the C...

Partner
Shane Kelleher
Article and Insights
18
Mar 2020

Consultant
John Larkin
Report
8
Aug 2023
In line with international deal activity, Ireland’s mergers and acquisitions (M&A)...

Partner
Stephen Keogh
prev
next