Insurance
Insurance companies have been subject to DORA since 17 January 2025. PAM Xpert supports insurers in building DORA-compliant ICT risk management structures.
New obligations for the insurance sector
Insurance companies are explicitly within DORA’s scope. When DORA entered into force on 17 January 2025, it replaced the previously applicable VAIT. DORA requires a complete ICT risk management framework, incident reporting procedures, digital resilience tests and active management of ICT third-party risks.
Solvency II (Pillar II: Governance) additionally requires an effective internal control system. IAM and PAM are direct building blocks of this control system.
EIOPA Guidelines: EIOPA guidelines on operational security (EIOPA-BoS-22/090) explicitly address access management and privileged access as part of ICT security requirements for insurance companies.
DORA readiness for insurance companies
PAM Xpert supports insurance companies in securing privileged access in a DORA-compliant manner.
