Investment funds and financial institutions: CSSF FAQ on minimum IT security requirements for remote access

On 17 March 2020, the CSSF issued an FAQ clarifying the recommended minimum IT security requirements for remote access implemented to meet the demands of the exceptional situation created by Covid-19 and issuing minimum recommendations with respect to:

high-privileged access: identification of user profiles with the highest risk levels (IT administrators, employees in charge of transactions/payments, etc.) and the implementation of proper security measures (strong authentication, access from a secure laptop, logging and review of sensitive actions);
secure communication: encryption of communication channels (e.g. use of VPN with AES-256, RSA-2048 encryption);
connection monitoring: controls to ensure, at least, that remote connections are consistent with recourse to teleworking (i.e. access during office hours, geofencing); 
the duration of remote access: remote access introduced due to the exceptional Covid-19 situation should be temporary and disabled once the exceptional circumstances have passed.

The CSSF is further “urging financial institutions under its prudential supervision to favour working from home as part of their business continuity plans. As already mentioned in the communication of 2 March, satisfactory IT security conditions should be guaranteed and no prior authorisation is needed for such work arrangements.

Voir aussi : Nautadutilh Avocats Luxembourg SĂ rl ( Mrs. Yoanna Stefanova ,  Mr. Luc Courtois )

[+ http://www.nautadutilh.com]

Mrs. Yoanna Stefanova Mrs. Yoanna Stefanova
Mr. Luc Courtois Mr. Luc Courtois

Click here to see the ad(s)
Tous les articles Droit financier

Derniers articles Droit financier

Sustainable Finance Disclosure Regulation: the CSSF confirms that the compliance date remains 10 ...

The Commission de Surveillance du Secteur Financier (the “CSSF”) has published a press release&...

Read more

FCA communication to Luxembourg-based entities about the UK temporary permissions regime

On 19 November 2020 the Luxembourg supervisory authority for the financial sector, the CSSF, issued press release 20/...

Read more

ESG: Sustainability Related Disclosures Are you ready?

Regulation (EU) 2019/ 2088, on the sustainability–related disclosures in the financial services sector (“SFDR&...

ESG: Sustainability Related Disclosures Are you ready? Read more

EU Crowdfunding Regulation adopted by European Parliament

The European Parliament has adopted the Regulation on European Crowdfunding Service Providers for Business, which shall en...

EU Crowdfunding Regulation adopted by European Parliament Read more

Derniers articles de Mrs. Yoanna Stefanova

Luxembourg establishes a register of fiducies and trust

The Act of 10 July 2020 ("the Act") transposes into Luxembourg law the last part of the fourth Anti-money Launde...

Read more

Luxembourg Brexit Laws: 15 September 2019 final deadline for UK based managers to notify the CSSF

On 8 April 2019, Luxembourg adopted two laws ("Brexit Laws") on measures to be taken in relation to the financia...

Read more

The Luxembourg UBO Register: the end of the transition period is fast approaching (31 August 2019)

The UBO Register Act, which entered into force on 1st March 2019, provides for a six-month transition period to submit inf...

Read more

The Luxembourg Bill Implementing Srd II as Regards the Encouragement of Long-Term Shareholder Eng...

On 25 January 2019, Bill No 7402 (the "Bill") implementing Directive (EU) 2017/828 as regards the encouragement ...

Read more

Derniers articles de Mr. Luc Courtois

LexGO Network