Compliance with the rules of data protection and information security

It is essential for Munich Re Group to protect the personal data of our staff members and clients, guard our business and sales partners’ corporate information, and our own trade secrets, if we are to be treated as a competent and trusted partner.

The globally binding Information Security Management and Business Continuity Management (ISM & BCM) Policy of Munich Re Group sets out minimum requirements, objectives, responsibilities, processes and reporting procedures for Information Security Management and Business Continuity Management.

Munich Re has to manage an always increasing amount of information and data. The data can be internal data, but also data from clients or other stakeholders. In addition, Munich Re has to provide reliable and consistent information to customers, investors, regulators, etc. Therefore, the use of modern information technology is key to achieving our business goals as a leading financial services company. This requires the adoption of advanced platforms that will allow a secure and flexible processing of data, sharing of information, empowering collaborative interactions, and innovation.

It should be expected that the life-cycles of these platforms are becoming shorter, while the amount of data that is processed, the performance of the Information and Communication Technology systems that are required, and the value of the produced information, are significantly increasing. Munich Re needs to be prepared for this in order to successfully compete in an environment where entry barriers to markets are changing and competition will be more diverse.

The ISM & BCM Policy takes into account the high degree of interdependencies between the two risk management disciplines - Information Security Management and Business Continuity Management. It also helps to ensure that Information Security and Business Continuity fulfil contractual obligations to clients as well as reporting requirements in a constantly changing environment and in times of crises.  

The guiding principle of the ISM & BCM Policy is to foster collaboration and permanent exchange between business and central unit stakeholders, information technology, risk management and data protection officers.

This is also in line according to Article 258 of the EU Commission’s Delegated Regulation (EU) 2015/35, that an effective system of governance of an insurance or reinsurance undertaking shall


  • “safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question and
  • establish, implement and maintain a Business Continuity Policy aimed at ensuring, in the case of an interruption to their systems and procedures, the preservation of essential data and functions and the maintenance of insurance and reinsurance activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of their insurance or reinsurance activities.” [cited from Article 258 §3 of EU Commission’s Delegated Regulation 2015/35]

Furthermore the Code of Conduct outlines essential information for Munich Re’s employees:

All staff members of Munich Re Group are bound to secrecy in all company matters, as long as it cannot be assumed that the information is already public. All information is for internal use only and must be handled confidentially, unless it is expressly intended for external publication and has been classified as such. Munich Re has implemented Group-wide organizational processes and technical security measures to protect its confidential information. In addition, we offer regular training sessions and other measures to heighten awareness. These help to ensure that our confidential data is suitably protected against unauthorized access, as well as against malicious use, manipulation or loss. Any supplementary, company specific requirements and internal rules must be observed.

Further information