Compliance with the rules and regulatory requirements of information security

For Munich Re Group it is key to protect the company’s information, confidential data and trade secrets as well as the personal data of our staff members and clients. Therefore, Munich Re is taking great efforts and investments to face the emerging risk for information security with resilient and secure processes, modern technology and highly qualified staff.

In alignment with the Group Risk Management Policy, the globally binding Information Security Management Policy (ISM Policy) of Munich Re Group sets out minimum requirements, objectives, responsibilities, processes and reporting procedures for Information Security Management.

Munich Re Group has to manage an ever-increasing amount of information and data, both internal and external from clients or other stakeholders. In addition, Munich Re has to provide reliable and consistent information to customers, investors and regulators. On the other hand, the number of threat actors trying to exploit vulnerabilities in the processes and IT security of companies is rising and leads to a continuous increase of the company’s risk exposure.

Therefore, the implementation of resilient and secure processes, the usage of modern information technology and the staffing of highly qualified information security experts is key to achieving the business goals as a leading financial services company. It requires the adoption of advanced platforms that will allow secure and flexible processing of data and sharing of information, empowering collaborative interactions and innovation.

It should be expected that the lifecycle of technology platforms is becoming shorter, while the amount of data that is processed, the performance of the Information Technology (IT) systems that are required, and the value of the produced information, are significantly increasing. Munich Re needs to be prepared for this in order to successfully compete in an environment where entry barriers to markets are changing and competition will be more diverse.

The policies help to ensure that Information Security fulfills contractual obligations to clients as well as reporting requirements in a constantly changing environment and in times of crises.

The guiding principle of the ISM Policy is to foster collaboration and permanent exchange between business and central unit stakeholders, information technology, risk management and data protection officers.

In general, information security is a topic that affects all employees handling information of Munich Re (Group) and is important to secure Munich Re (Group) assets and investments. Therefore, policies, guidelines and work instructions for information security management must be applied and complied with accordingly.