
CIRCULARS COVERING THE ICT CONTROL FUNCTION
A focus on Information and Communication Technology (ICT) related risks and instructions on how to manage them
What you learn
- What are the areas for improvement in ICT controls
- Strong practices to manage ICT control environments in organizations
- The requirements for ICT and security risk management (CSSF Circular 20/750)
- Regulatory aspects of telework and ICT (CSSF Circular 22/804, an update of CSSF Circular 21/769, which only covers security aspects)
- What are outsourcing arrangements (CSSF Circular 22/806)
- How to monitor fraud and handle incidents (CSSF Circulars 9/712-11/504-21/787-15/603)
- Open Banking API (CSSF Circular 19/720-EBA/OP/2020/10)
What the training includes

MODULE 1
Outsourcing Oversight
- Analysis of key elements of CSSF Circular 22/806 on outsourcing arrangements
- In-depth introduction of MAQIT's outsourcing framework, built to meet all regulatory expectations
Duration: 2h

MODULE 2
Information Security and ICT Risk Management
- Analysis of key elements of CSSF Circular 20/750 on information and communication technology (ICT) requirements and security risk management
- In-depth introduction of MAQIT's ICT Framework, built to support CISO and compliance teams
- Review of CSSF Circular on Teleworking 22/804 and update on CSSF Circular 21/769
Duration: 2h

MODULE 3
PSD2 IT Regulatory
- Analysis of key elements of the Payment Services Directive II (PSD2) regulations
- Presentation of a circular framing Open Banking, fraud monitoring and incident management
Duration: 2h
This training suits you if
- You are a Cloud Officer, an ISO and Internal Auditor and you must comply with the new Luxembourg regulatory expectations
- You want to improve your IT knowledge and skills
Training content
Outsourcing Oversight
- CSSF Circular 22/806 on Outsourcing Arrangements: introduction
- CSSF Circular 22/806 on Outsourcing Arrangements: main areas
- Clear understanding of the client's current situation + review of existing documentation
- Guidance in the Notification Form process
- Performance of the Target Operating Model (TOM)
- Outsourcing Identification
- Performance of Criticality Assessment
- Performance of Risk Assessment
- Performance of the Contractual Gap Analysis
- Design and implementation of an exit strategy
- Performance of Due Diligence questionnaire
- Performance of the Architecture Document
- Guidance in maintaining CSSF Outsourcing Register / Cloud Computing Register, if applicable
Information Security and ICT Risk Management
- CSSF Circular 20/750 on the requirements regarding information and communication technology (ICT) and security risk management: introduction
- CSSF Circular 20/750 on the requirements regarding information and communication technology (ICT) and security risk management: main areas
- Governance and Strategy: the management body
- ICT and security risk management framework: people and process
- Information Security Policy
- ICT operations management
- ICT project and change management
- Business continuity management
- Payment service user relationship management
- How MAQIT can help you
- Circular CSSF 21/769 on governance and security requirements for supervised entities to perform tasks or activities through Teleworking (as amended by Circular CSSF 22/804): introduction
- Circular CSSF 21/769 on governance and security requirements for supervised entities to perform tasks or activities through Teleworking (as amended by Circular CSSF 22/804): main areas
PSD2 IT Regulatory
Fraud Monitoring and Incident Management
- Circular CSSF 11/504: introduction
- Circular CSSF 11/504: information to be reported
- Circular CSSF 15/603: introduction
- Circular CSSF 19/712: introduction
- Circular CSSF 19/712: reporting dimensions
- Circular CSSF 21/787: introduction
- Circular CSSF 21/787: incident classification
- Circular CSSF 21/787: incident reporting
- Circular CSSF 21/787: information to be shared
Open Banking API
- Circular CSSF 19/720: introduction
- EBA/OP/2020/10: introduction
- How MAQIT can help you