Berlin Hyp

brings compliance together on one single platform

Berlin Hyp

Berlin Hyp AG is a wholly owned subsidiary of LBBW and, with more than 150 years of experience, one of Germany’s leading real estate and Pfandbrief banks with a focus on future-oriented issues in the real estate sector. It employs approximately 550 people at locations in Germany as well as Paris, Amsterdam and Warsaw.

The goal in implementing the VASGARD/IAN platform was to fully automate IT compliance issues and link them to operational IT security. This resulted in a reduction of effort on the one hand for the 1st line in IT for IT compliance and on the other hand for the 2nd line functions. The first user groups after successful implementation of VASGARD/IAN were ISM, IT operations, operational security and IT risk management. Over time, data protection, outsourcing management, business continuity management, application management and central authorization management were added.

An essential part of the implementation was the connection of the existing SIEM system with the aim of also creating alarms from the SIEM in VASGARD/IAN and further processing them there. A particular challenge was the connection of different source systems with different data on often the same asset. As a solution, a prioritization was implemented that regulates the data update of the assets via the connected VASGARDI/IAN Integration Connector (VIC). With this and other solutions, not only the strict regulatory requirements of the supervisory authorities could be met, but also a comprehensive transparency of the assets and their properties could be achieved without generating manual efforts for the maintenance of the data.

»With VASGARD/IAN, we have built our Advanced Cyber Defense Center, consolidated and automated ITSM and ISM tasks. Our experts can now work on content. The manual effort for audits and compliance can finally be reduced.«

Clif Steinbring, ISM Board Staff at Berlin Hyp AG

Key figures

  • VASGARD/IAN maps approximately 30,000 information assets with more than 250,000 links.
  • Implementation of eight apps.
  • 14 interfaces to third-party systems.
  • Setup of 53 roles.
  • Automated support of more than 250 internal as well as several external users in all essential workflows for ISM, BCM and DSM – BA-IT and MaRisk compliance.

Apps

BIA/SBF

Business Impact and Protection Requirements Analysis

DSM

Data Security Management

ZAM

Centralized Outsourcing Management

BCM

Business Continuity Management

CSA

Control Self Assessment

IRM

IT Risk Management

AWM

Application Management

BKM

Authorization Concept Management