Security in end-user computing

Meeting BAFIN requirements and reducing risks


Let us work together to meet the EUC requirements

With the BAIT, VAIT, KAIT and ZAIT requirements, BAFIN has laid down detailed guidelines for the managed use of end-user computing (EUC). Unlike standard software, EUC applications are developed and operated decentrally in specialist departments. These applications are given preference because of supposed advantages they offer (such as time or cost savings), without considering the associated risks.

BAFIN's regulatory requirements oblige companies to establish rules for the use of IDV applications, among other things. In addition, companies are obliged to identify, assess, monitor and manage the risks associated with the use of IDV applications.


Regulations and measures relating to the use of EUC

Under BAFIN’s regulatory requirements, companies are obliged to establish rules on the use of EUC applications, among other things. In addition to that, they are also required to identify, assess, monitor and manage the risks associated with the use of EUC applications.

The guidelines on the deployment and secure use of the EUC applications that are in operation must be reviewed, adapted as needed and operationalised. Following these guidelines can help ensure the BAFIN-specific requirements are met.

Do you know how EUC is used at your company as well as the risks associated with this? Get ready for your next BAFIN audit now!

Get in touch now

What we offer

Targeted implementation of your individual requirements

With our vast industry know-how and highly specialised experts, we support you in the implementation and operationalisation of the BAFIN requirements. We are there to assist you in the following phases:

    • Definition of EUC applications: Preparing the criteria for the classification of applications as EUC apps and developing a decision tree to streamline this process.
    • Classification of EUC applications by protection requirement class: Defining classification categories based on the protection requirement class specified within the scope of the protection requirement analysis.
    • EUC platforms: Defining the data processing or software systems that make it possible to program and operate applications outside the IT-managed IT processes.
    • Definition of responsibilities: Defining the necessary roles and describing responsibilities in the context of developing EUC applications.
    • Definition of requirements: Compiling the corresponding requirements based on the protection requirements or the defined classification categories.
    • Developing the corresponding specifications for documentation for EUC applications and preparing templates.
    • Checking and ensuring the completeness of the data collected as part of the inventory check of EUC applications.
    • Support in performing protection requirement analyses for EUC applications and categorising them based on the identified protection requirements.
    • Defining and monitoring the EUC application development process.

Do you have any questions?

There is no website or brochure which can replace a personal meeting to talk about your goals and topics. We are looking forward to an appointment on site.

Save this page. Remove this page.