Information Security

In the financial system

One of the central objectives of BaFin’s regulatory requirements is to ensure effective risk management. Satisfying the increasing number of requirements means more personnel expenditure and organizational and technological effort.

The 3 lines-of-defense model has established itself as a means to identify and manage risks. We specialize in consulting and support services relating to the 1st and 2nd Lines of Defense.

3 LoD

Based on “Guidance on the 8th EU Company Law Directive”, FERMA / ECIIA (2010), extended by usd AG

BaFin requirements

The topic of IT is a key focus in supervisory special audits. The aim of this approach is to increase IT security in the market and raise the IT risk awareness among the companies affected.

The requirements contain an adaptive and practice-oriented framework for the technical and organizational design of IT. With a focus on the management of IT resources and on IT risk management, they entail not inconsiderable adjustments to the internal organizational structure.


Supervisory Requirements for IT in Financial Institutions


Supervisory Requirements for IT in German Asset Managers


Supervisory Requirements for IT in Payment and E-Money Institutions


Supervisory Requirements for IT in Insurance Undertakings

Project support

The impact a new project will have on information security must be considered as early as possible.

icons consulting projekte 1

Ensuring information security while selecting, prioritizing and planning projects

icons consulting projekte 2

Project management with a special focus on information security

icons consulting projekte 3

Working on concrete work packages that are part of the project



Please contact us with any questions or queries.

Phone: +49 6102 8631-190
Contact form


Felix Schmidt
usd Team Lead Sales
Security Consulting