Library Update

EBA Guidelines on ICT and Security Risk Management, TISAX - VDA ISA, Vendor Risk Management and more are now covered in the Alyne Content Library.

EBA Guidelines on ICT & Security Risk Management, TISAX - VDA ISA, Vendor Risk Management and more are now covered in the Alyne Content Library. 

Great news for all users, we have recently updated the Alyne library with a set of new standards, guidelines and controls!


EBA Guidelines on ICT & Security Risk Management

The European Banking Authority Guidelines on ICT & Security Risk Management (EBA/GL/2019/04) is now covered in the Alyne Content Library. These guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) and security risks.

The new content includes a Control Set containing 422 Controls. Financial institutions in the EU market can now leverage on our Control Set to gain better insights to their ICT and security risk situation and achieve compliance to the guidelines as set out by EBA.

The EBA Guidelines will enter into force on 30 June 2020. The Guidelines on security measures for operational and security risks under PSD2 (EBA GL/2017/17) issued in 2017 have been fully integrated into these guidelines and will be repealed once these guidelines become applicable.


TISAX - VDA ISA v4.1.1

We are pleased to include the industry standard 'VDA Information Security Assessment', also known as 'Trusted Information Security Assessment Exchange' (TISAX), as defined by the German Association of the Automotive Industry VDA in version 4.1.1, to the Alyne Content Library. This content includes a Control Set containing 450 Controls.

With this addition, organisations in the German automotive industry can benefit from a better understanding of the requirements for securing their supply chains and ensuring the necessary requisites for compliance with TISAX. Users can also perform a gap analysis to ISO/IEC 27001, from which TISAX was derived with regards to information security, without much effort thanks to Alyne's amazing software analytics capability.


Human Resources Management Financial-related Controls

Following our last deployment of the Fixed Asset Management and Inventory Management Controls, we have rolled out additional financial-related Controls under the topic of Human Resources Management.

This addition includes 30 new Controls and covers the likes of payroll and compensation, employee pension scheme, expense claims process and data management. We have included these Controls to help companies implement best practices pertaining to managing employee personnel data and the accounting of payroll, pension and expense claims. Ensuring there is proper accounting and segregation of duties can significantly minimise risks such as fraud and collusion when dealing with payroll and compensation.


Vendor Governance Funnel & Control Set Pack

With vendor governance becoming an increasingly employed use case in Alyne, we have supplemented our Funnel and Control Set with more vendor governance related content!

The newly added 'Vendor Risk' Funnel classifies vendors into high, medium and low risk groups based on key risk indicators, such as known risks or incidents associated with the vendor and maturity of integration of the vendor's service. This subsequently launches Assessments according to the potential risk exposure.

The 3 'Vendor Risk Management' Control Sets define control frameworks for managing assurance for high, medium and low risk third party service providers. The Control Sets containing 127, 70 and 45 Controls respectively, come with corresponding Assessments to allow users to measure the maturity of their vendor governance framework. The focus of these sets are on the provision of data related services and less on physical security.

These additions will indubitably benefit businesses aiming to minimise vendor risk and achieve greater value by obtaining transparency and standardisation in their processes to ensure vendors and suppliers stay compliant.


As with all library updates, the standards, guidelines and Controls have been provided to existing and new Alyne customers alike. Contact our sales team at [email protected] to learn how Alyne can help your organisation, or request information about how you can experience Alyne’s capabilities in a Proof of Concept.

Tamara Gurschler

Related Posts

Library Update: ACSC Essential Eight 2021

The Alyne Library has recently been updated with a Control Set covering the July 2021 version of the Essential Eight Maturity Model issued by the Australian Cyber Security Centre (ACSC). The standard allows self-assessments based on the highest maturity level provided within the Essential Eight Maturity Models.

Library Update: TISAX VDA ISA Version 5.0.4

The Alyne Library has recently been updated with a Control Set covering version 5.0.4 of the Information Security Assessment (ISA) issued by the Verband der Automobilindustrie (VDA). The ISA allows for self-assessments, audits and health checks in accordance with the Trusted Information Security Assessment Exchange (TISAX).

Library Update: UK GDPR

The Alyne Library has recently been updated with a Control Set covering the United Kingdom General Data Protection Regulation (UK GDPR). It explains the general data protection regime that applies to most UK businesses and organisations, and covers the UK GDPR, tailored by the Data Protection Act 2018.