automates and decentralizes governance, risk management and compliance with VASGARD/IAN


DZ HYP, one of the leading real estate and Pfandbrief banks in Germany, implemented the overall VASGARD/IAN system in a multi-step project to support its GRC (Governance, Risk and Compliance) activities. To do this, Vasgard first merged different data sources, developed workflows in the form of apps, and customized the platform specifically to meet the cooperative bank’s requirements.

Today, the bank uses a single overall GRC system that maps the complex processes specific to the institution. Many work steps could be automated. The overall VASGARD/IAN system generates meaningful reports on the risk situation, which are characterized by very high quality. By using various apps that are geared to a specific purpose, the bank decentralizes its compliance functions and integrates many users with different authorizations. This automatically reduces the need for coordination between departments.

In this way, DZ HYP not only saves time and money, but also meets the stricter requirements of banking supervision (BaFin and ECB). Since September 2020, the solution has also served as a central management and control tool for EBA-compliant outsourcing management.

»From ITSM to information security and data protection management to emergency and crisis management, the entire IT governance works with the platform. Auditors and internal audit also get along excellently with the system.«

Michael Brauer Senior IT Risk Manager at DZ HYP AG

Key figures

  • VASGARD/IAN maps approximately 15,000 information assets with more than 45,000 links.
  • Implementation of ten apps.
  • Setup of 40 roles.
  • Automated support of more than 140 users in all essential workflows for ISM, BCM and DSM – BA-IT and MaRisk compliance.



Firewall Recertification


Application Management