Library Update

EBA Guidelines on ICT and Security Risk Management, TISAX - VDA ISA, Vendor Risk Management and more are now covered in the Alyne Content Library.

EBA Guidelines on ICT & Security Risk Management, TISAX - VDA ISA, Vendor Risk Management and more are now covered in the Alyne Content Library. 

Great news for all users, we have recently updated the Alyne library with a set of new standards, guidelines and controls!


EBA Guidelines on ICT & Security Risk Management

The European Banking Authority Guidelines on ICT & Security Risk Management (EBA/GL/2019/04) is now covered in the Alyne Content Library. These guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) and security risks.

The new content includes a Control Set containing 422 Controls. Financial institutions in the EU market can now leverage on our Control Set to gain better insights to their ICT and security risk situation and achieve compliance to the guidelines as set out by EBA.

The EBA Guidelines will enter into force on 30 June 2020. The Guidelines on security measures for operational and security risks under PSD2 (EBA GL/2017/17) issued in 2017 have been fully integrated into these guidelines and will be repealed once these guidelines become applicable.


TISAX - VDA ISA v4.1.1

We are pleased to include the industry standard 'VDA Information Security Assessment', also known as 'Trusted Information Security Assessment Exchange' (TISAX), as defined by the German Association of the Automotive Industry VDA in version 4.1.1, to the Alyne Content Library. This content includes a Control Set containing 450 Controls.

With this addition, organisations in the German automotive industry can benefit from a better understanding of the requirements for securing their supply chains and ensuring the necessary requisites for compliance with TISAX. Users can also perform a gap analysis to ISO/IEC 27001, from which TISAX was derived with regards to information security, without much effort thanks to Alyne's amazing software analytics capability.


Human Resources Management Financial-related Controls

Following our last deployment of the Fixed Asset Management and Inventory Management Controls, we have rolled out additional financial-related Controls under the topic of Human Resources Management.

This addition includes 30 new Controls and covers the likes of payroll and compensation, employee pension scheme, expense claims process and data management. We have included these Controls to help companies implement best practices pertaining to managing employee personnel data and the accounting of payroll, pension and expense claims. Ensuring there is proper accounting and segregation of duties can significantly minimise risks such as fraud and collusion when dealing with payroll and compensation.


Vendor Governance Funnel & Control Set Pack

With vendor governance becoming an increasingly employed use case in Alyne, we have supplemented our Funnel and Control Set with more vendor governance related content!

The newly added 'Vendor Risk' Funnel classifies vendors into high, medium and low risk groups based on key risk indicators, such as known risks or incidents associated with the vendor and maturity of integration of the vendor's service. This subsequently launches Assessments according to the potential risk exposure.

The 3 'Vendor Risk Management' Control Sets define control frameworks for managing assurance for high, medium and low risk third party service providers. The Control Sets containing 127, 70 and 45 Controls respectively, come with corresponding Assessments to allow users to measure the maturity of their vendor governance framework. The focus of these sets are on the provision of data related services and less on physical security.

These additions will indubitably benefit businesses aiming to minimise vendor risk and achieve greater value by obtaining transparency and standardisation in their processes to ensure vendors and suppliers stay compliant.


As with all library updates, the standards, guidelines and Controls have been provided to existing and new Alyne customers alike. Contact our sales team at to learn how Alyne can help your organisation, or request information about how you can experience Alyne’s capabilities in a Proof of Concept.

Tamara Gurschler

Related Posts

Library Update: KAIT

The Alyne Content Library has recently been updated with a Control Set covering KAIT (Kapitalverwaltungsaufsichtliche Anforderungen an die IT) – the German BaFin's supervisory requirements for IT in Fund and Asset Management, defined in the 11/2019 (WA) circular in the version as of October 1, 2019.
Read more

Library Update: Health Insurance Portability and Accountability Act (HIPAA)

The Alyne team has recently rolled out a brand new addition to the Content Library with a comprehensive mapping of The Health Insurance and Accountability Management Act (HIPAA). This mapping covers not only section 164.3xx (Security Standards), but also the rules outlined in section 164.4xx (Breach Notification) and section 164.5xx (Privacy Aspects).
Read more

Introducing SOX-in-a-Box: Alyne's Internal Control over Financial Reporting (ICFR)

We are very excited to introduce Alyne's new Internal Control over Financial Reporting (ICFR) Control Set, which further expands on Alyne's extensive Library of Financial Controls. In this article, you will gain insight into how Alyne's out-of-the-box ICFR Capabilities can provide your organisation with an extensive health check for SOX and SOC 1 compliance.
Read more