Hi Christophe,
Great question - the IBM FS Cloud Control Framework provides alignment with the national-specific regulations most frequently applicable to financial institutions in Luxembourg, notably:
- Luxembourg Commission de Surveillance du Secteur Financier / Commission for the Surveillance of the Financial Sector CSSF - External Computer Attacks - Circular CSSF 11/504
- Luxembourg Commission de Surveillance du Secteur Financier / Commission for the Surveillance of the Financial Sector CSSF - Managing Access to IT Resources - Circular CSSF 13/554
- Luxembourg Commission de Surveillance du Secteur Financier / Commission for the Surveillance of the Financial Sector CSSF - Risk Management Circular 12/552
- Luxembourg Commission de Surveillance du Secteur Financier / Commission for the Surveillance of the Financial Sector CSSF - Administrative and accounting organisation; IT outsourcing CSSF 17/656
- Luxembourg Commission de Surveillance du Secteur Financier / Commission for the Surveillance of the Financial Sector CSSF - Risk Management Circular 12/552; Circular CSSF 21/785
As the implementation of DORA (Digital Operational Resilience Act) progresses, we are expecting harmonization of this type of requirement at the level of the European Union, meaning that national-specific requirements for ICT Risk Management and Outsourcing will tend to diminish and disappear. I hope this answers your question.
------------------------------
Anne Leslie
Cloud Risk & Controls Leader
IBM Cloud for Financial Services
------------------------------
Original Message:
Sent: Wed September 27, 2023 09:54 AM
From: Christophe Sorre
Subject: Luxembourg CSSF Regulations
Dear all.
I'd like to know if, with our framework of controls, we cover the specific Luxembourg CSSF regulation. CSSF = Commission Surveillance Services Financiers.
Thanks for your feedback on this.
------------------------------
Christophe Sorré
CTO Financial Services
IBM Technology France
------------------------------