automates and decentralizes governance, risk management and compliance with VASGARD/IAN

DZ HYP, one of the leading real estate and Pfandbrief banks in Germany, implemented the overall VASGARD/IAN system in a multi-step project to support its GRC (Governance, Risk and Compliance) activities. To do this, Vasgard first merged different data sources, developed workflows in the form of apps, and customized the platform specifically to meet the cooperative bank’s requirements.

Today, the bank uses a single overall GRC system that maps the complex processes specific to the institution. Many work steps could be automated. The overall VASGARD/IAN system generates meaningful reports on the risk situation, which are characterized by very high quality. By using various apps that are geared to a specific purpose, the bank decentralizes its compliance functions and integrates many users with different authorizations. This automatically reduces the need for coordination between departments.

In this way, DZ HYP not only saves time and money, but also meets the stricter requirements of banking supervision (BaFin and ECB). Since September 2020, the solution has also served as a central management and control tool for EBA-compliant outsourcing management.

»From ITSM to information security and data protection management to emergency and crisis management, the entire IT governance works with the platform. Auditors and internal audit also get along excellently with the system.«

Michael Brauer Senior IT Risk Manager at DZ HYP AG

Key figures

  • VASGARD/IAN bildet rund 15.000 Informations-Assets mit etwas 45.000 Verknüpfungen ab
  • Implementierung von zehn Apps
  • Einrichtung von 40 Rollen
  • Automatisierte Unterstützung von rund 140 Nutzern allen wesentlichen Arbeitsabläufen für ISM, BCM und DSM – BA-IT und MaRisk konform



Firewall Regel Rezertifizierung


Anwendungs Lifecycle Management