Home Knowledge In Short: EIOPA Guidelines on Outsourcing to Cloud Service Providers

In Short: EIOPA Guidelines on Outsourcing to Cloud Service Providers

February 7, 2020
Consultant
John Larkin

On 6 February 2020, EIOPA published its Guidelines on outsourcing to cloud service providers  (the Guidelines). The Guidelines will apply from 1 January 2021 to all cloud outsourcing arrangements entered into or amended on or after that date.

The Guidelines address a number of issues, including, the following:

  • what should be considered within the ‘scope’ of outsourcing to cloud service providers;
  • governance of cloud outsourcing arrangements, including the requirement that thorough risk assessments be carried out when outsourcing any critical or important functions or activities (CIFA) to a cloud service provider;
  • changes to the risk profile of the undertaking as a result of the outsourcing to a cloud service provider should be reflected in its Own Risk Solvency Statement (ORSA);
  • papering of cloud outsourcing arrangements, including documenting the arrangement in a written agreement, updating the undertaking’s outsourcing policy and making notifications to the undertaking’s supervisory authority;
  • due diligence of cloud outsourcing arrangements, including a set of criteria to be followed to assess whether a cloud outsourcing arrangement relates to a CIFA; and
  • sub-outsourcing of CIFAs to cloud service providers.

The Guidelines will apply to both individual insurance and reinsurance undertakings and to groups as defined in the Solvency II Directive.

 

Recommended Insights

See all
Article and Insights
8
Aug 2023
William Fry’s Half Year M&A Review 2023
The Irish M&A market experienced a dip of 2% in the number of qualifying deals dur...
WF_author_blank
Partner
Stephen Keogh
Article and Insights
6
Sep 2023
Asset Management & Investment Funds Update – September 2023
Welcome to the September 2023 edition of our Asset Management & Investment Funds U...
WF_author_blank
Partner
Patricia Taylor
Article and Insights
21
Dec 2022
Central Bank Highlights Key Prudential Risks Facing Irish Insurers in 2023
The Central Bank of Ireland highlights the key prudential risks that will inform i...
WF_author_blank
Partner
Eoin Caulfield
Article and Insights
27
Jan 2023
Data Protection Day 2023: 2022 Snapshot and Trends for 2023
William Fry is pleased to celebrate the Council of Europe's annual Data Protection...
WF_author_blank
Senior Associate
Rachel Hayes
Article and Insights
17
Feb 2023
Dear CEO Letter on the Central Bank’s Key Regulation and Supervision Priorities for 2023
On 16 February 2023, the Central Bank published a Dear CEO Letter addressing the C...
WF_author_blank
Partner
Shane Kelleher
Article and Insights
18
Mar 2020
In Short: IFRS 17 Implementation Date Deferred until 1 January 2023
WF_author_blank
Consultant
John Larkin
Report
8
Aug 2023
Irish M&A Market records 177 deals worth €5.2bn in first half of 2023
In line with international deal activity, Ireland’s mergers and acquisitions (M&A)...
WF_author_blank
Partner
Stephen Keogh
prev
next
See all