The requirements issued by the CSSF also deal with the supervision of information systems of financial professionals. Key CSSF regulations include:
- CSSF Circular 17/654 Compliance – Assist financial professionals, including mainly credit institutions, investment firms, specialised PSFs, support PSFs, payment institutions and electronic money institutions, as well as management companies and alternative investment fund managers, in aligning relevant IT outsourcing based on a cloud computing infrastructure to the CSSF’s requirements on cloud computing.
- CSSF Circular 12/552 Compliance – Assist Banks and Investment Firms PSFs in aligning the Information Technology and Information Security functions, as well as outsourcing initiatives, to the CSSF’s updated requirements on central administration, internal governance, and risk management
- CSSF Circular 05/178 Compliance – Assist Specialised and Support PSFs in aligning the Information Technology function to the CSSF’s requirements on IT outsourcing
- CSSF Circular 13/554 Compliance – Assist professionals of the financial sector in aligning existing (or projected) global “resources access tools” implementations (e.g. Microsoft Active Directory) to the CSSF’s requirements by in-depth analysis of IT regulatory issues and proposition of technical and organisational solutions
- CSSF Circular 12/544 Compliance – Assist Support PSFs in the design and deployment or quality assurance of the Risk Based Approach mandated by CSSF
