Cloud computing standard for the industry

The Polish Chamber of Insurance, in cooperation with the Polish Chamber of Information Technology and Telecommunications, has developed a cloud computing standard for the insurance industry. This is a set of rules for preparing and carrying out
a successful cloud implementation, taking into account all legal and supervisory requirements. A total of 27 entities were involved in the work on the project, including Accenture, Maruta Wachta and Traple Konarski Podrecki i Wspólnicy law firms, as well as technology providers and insurance companies.

‘Last year, the Polish Financial Supervision Authority imposed an obligation on insurance companies to carry out audits and reviews of the cloud services they use and report their findings. There were some doubts as to the interpretation of certain concepts, the conduct of analysis or vendor lock-in tests, as well as information requirements vis-à-vis the regulator. We were able to structure and fine-tune all those aspects thanks to the enormous commitment of many entities. The jointly developed cloud standard guarantees secure, consistent and proper functioning of insurance companies that use cloud computing‘, says Mariusz Kuna, Head of the Insurance Information Management Department at PIU.

Insurers are eager to use cloud computing

Currently, many Polish insurers already use cloud platforms and services, primarily for the creation of databases and data warehouses and for big data analysis. Cloud computing fits well in the digitalisation of insurance companies, which accelerated significantly in 2020 due to the pandemic and lockdown. Solutions that could be activated immediately (without hardware, software, installation, configuration or complex implementation) turned out to be particularly useful. As a result, insurers were able to react faster to the changing market situation, as well as to clients’ and stakeholders’ needs, while reducing the costs of their IT infrastructures.

‘The year 2020 marks a breakthrough on the way to full digitalisation of the Polish insurance industry. Cloud computing was, and still is, an important part of the process. Previously, insurers used to treat it only as a test or back-up environment. Now, it is a permanent part of business strategies. I am convinced that over time insurance companies will use cloud services to an even greater extent, especially as the number of new tools and user solutions is constantly growing’.

Digital transformation as one of the EU’s priorities

The European Union’s primary goal now is to economically recover from the pandemic as quickly as possible. Priority was, therefore, given to regulations that encourage development and investment, including those that support digital transformation. From the perspective of EU institutions, the use of cloud computing is one of the key factors in strengthening European sovereignty. The European Commission is, therefore, working on the creation of a European Alliance for Industrial Data, Edge and Cloud, which will enable the development of several projects later this year. These include joint investment in cross-border cloud infrastructure and services, as well as unification of the framework of cloud legislation
in the form of the EU Cloud Rulebook. There must be clear requirements for outsourcing agreements between financial entities and cloud providers. That is why the European Commission is working on defining standard contractual clauses.

Cloud standard – free movement of data

Other EU initiatives related to cloud computing concern, among other things, the free movement, transfer and protection of non-personal data, certification of cloud providers and standardised cloud service level agreements (SLAs). Moreover, a European map of data movement will permit the assessment of the quality of this movement into the European digital economy. We should also not forget about DORA, i.e. the ‘Digital Operational Resilience Act’ for the financial sector. It will require insurers to monitor relationships with third-party information and communication technology (ICT) providers and to document ICT risks. The DORA regulations may influence the final shape of the cloud computing standard for the Polish insurance industry that has just been developed.

‘Intensive work on issues relating to the use of cloud computing in the insurance industry is being carried out not only in Poland, but also at the European Union level. The sheer number of initiatives and regulations in this area that we have to give an opinion on is a challenge for our office in Brussels. Additionally, these issues are being worked on by as many as five Directorates-General in the European Commission and five committees in the European Parliament. Our goal is to ensure consistency between national and European requirements, as even small discrepancies can generate huge costs for Polish insurers’, says Iwona Szczęsna, International Cooperation Team Manager at the Polish Chamber of Insurance.