Skip to main content

Bank supervisory requirements for IT (BAIT)

  • Approval and control processes involving the responsible persons
  • Re-certification of assigned authorisations
  • Traceability and documentation
  learn more
Start ... Your needs > By Regulations > Bank supervisory requirements for IT (BAIT)

Bank supervisory requirements for IT (BAIT) BaFin is tightening the requirements for authorisation management

The draft of the Banking Supervisory Requirement for IT (BAIT) of the German Federal Financial Supervisory Authority (BaFin) in the February 2017 consultation aims to specify the requirements of the MaRisk and the Banking Act §25a. The practical examples refer to topics such as IT strategy, IT governance, information risk management and information security management, as well as authorisation management.

Particularly in regards to the specifications for authorisation management, the so far rather "soft" requirements and requirements of the corresponding chapters from the MaRisk (AT 4.3.1 structure and process organisation, as well as AT 7.2 technical-organisational equipment) are defined more precisely and allow less scope for the future.

IT authorisation concepts

Form the basis for the assignment of entitlements in the future and describe the conditions of use of the IT authorisations aligned with the protection requirements of the IT system.

Assignment of accounts to persons to be traded

Non-personalised IT entitlements and accounts must be assigned to an acting person without doubt in the future.

Approval and control processes

Processes involving the responsible department ensure that the establishment, modification, deactivation and deletion of IT authorisations are complied with in accordance with the IT authorisation concepts.

Re-certification

Regular review of the assigned IT authorisations with regard to their necessity, as well as the possibly associated revocation.

Traceability and documentation

According to the requirements of the BAIT, all processes of setting up, modifying, deactivating and deleting authorisations in IT systems must be documented in a comprehensible and evaluable manner.

The roll of IAM

Identity & Access Management meets BAIT requirements regarding:

  • Automatic assignment of technical accounts to natural persons
  • Traceable authorisation and control processes of authorisations
  • Uniform, company-wide business role model
  • Regular re-certification of authorisations

Ask us for more information and support in the implementation.

Use

  • Assignment of technical accounts to persons to be traded
  • Implement approval and control processes efficiently
  • Implementation of a company-wide business role model
  • Regular re-certifications of authorisations

Our Services

Advisory

Our advisory develops processes and workflows with the customer in the form of workshops, taking into account the regulatory requirements and incorporation of existing processes.

Integration

We offer support with the development and integration of IAM solutions, and lay the foundations for successful IAM operation in line with individual operating manuals.

Operations

Operations helps with day-to-day operations, monitoring and further training.

Education

Education raises awareness of BAIT requirements.

Used Solutions

We use high-performance products from leading providers for our IAM solutions.

Publications on the subject BAIT

Specialist articles:

BaFin verschärft Anforderungen an das Berechtigungsmanagement (in German)

May I help you with

David Lüthi - Business Development Manager Switzerland
David Lüthi
Business Development Manager Switzerland


+41 79 461 07 22
IPG factsheet

Platzhalter-Person - Placeholder Expert
Platzhalter-Person
Placeholder Expert


081 750 67 83
IPG factsheet

Otto Mustermeier
IAM Advanced DE

IPG factsheet

Hanna Mustermüller
IAM Advisory DE

IPG factsheet

Mike Elfner - Head of Business Consulting Germany
Mike Elfner
Head of Business Consulting Germany


+41 79 203 26 77
IPG factsheet

Martin Muster
Placeholder


+41 123 45 67
IPG factsheet

Arne Vodegel - Service Manager Germany
Arne Vodegel
Service Manager Germany


+49 170 908 04 32
IPG factsheet

Jan Johannsen - Sales Manager Germany
Jan Johannsen
Sales Manager Germany


+49 170 90 80 876
IPG factsheet

Achim Stolz - Senior Business Consultant
Achim Stolz
Senior Business Consultant


+41 79 954 90 03
IPG factsheet

Frank Pevestorf - Senior IAM Consultant
Frank Pevestorf
Senior IAM Consultant


+49 175 724 58 98
IPG factsheet

Joachim Bacoyannis - Business Development Manager
Joachim Bacoyannis
Business Development Manager


+41 79 836 10 95
IPG factsheet

Marcel Weber - Sales Manager Österreich
Marcel Weber
Sales Manager Österreich


+41 79 907 84 47
IPG factsheet

Markus Blaha - Business Development Manager Austria
Markus Blaha
Business Development Manager Austria


+43 676 734 23 00
IPG factsheet

Christian Rückert - Sales Manager Germany
Christian Rückert
Sales Manager Germany


+49 170 908 0353
IPG factsheet

Joachim Bacoyannis - Business Development
Joachim Bacoyannis
Business Development


+41 79 836 10 95
IPG factsheet