IT Compliance

Responsibility for compliance with legal requirements and regulations regarding the security and availability of information means:

   .: Early recognition of vulnerabilities through active risk management
   .: Protection from personal liabilities for Board members and company management. They are accountable to the
      shareholders with unlimited potential liabilities, including their private assets
   .: Recognition of obligations of employees in their respective areas of responsibility. In case of negligence, an
      employee is liable for his actions to the company and may have his income confiscated

Legal Standards with implications for IT


  Risk management defines the requirements that business processes place on the
  IT infrastructure


  Implementation of legal provisions for IT

   .: Exact identification of requirements
          > Which concrete legal provisions must be fulfilled?
          > Who is the supervisor? What will be controlled?

   .: Close cooperation between the responsible employees and the supervisor
          > Operating Department, Management
          > Internal and external auditors

   .: Allocation of legal provisions to the respective business processes and IT systems
   .: Validation of the processes and systems
   .: Gap closing

