Deutsche Bank

Corporate Responsibility Report 2015

Information security

  • Information Security Management certified to ISO 27001
  • Mandatory information security training and awareness courses

As a bank, we rely on our reputation and the trust placed in us by our customers and stakeholders within and outside our sector. This reputation is founded on integrity, reliability, and discretion. We operate in a business environment where there is a high dependence on information, most of which is digital.

One of Deutsche Bank’s highest priorities is to protect the confidentiality, integrity, and availability of customer data and the bank’s information assets. We have established a comprehensive information and cyber security program, and governance framework, to ensure adherence to security policies and standards in conjunction with evolving business requirements, regulatory guidance, and emerging threats. Our policies set our standards of information security and provide a formal declaration of the Management Board’s intention to ensure the security of information within the Group. The Information Security Management of Deutsche Bank is certified to the international standard ISO 27001.

Our Chief Information Security Office implements the information security policy framework. This includes the Information Security Principles and an Information Security Procedure document available to everyone at Deutsche Bank. The Chief Business Information Security Officers of our various business divisions have the ultimate responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The officers also act as the governance lead for information security management in their division.

However, it is the responsibility of each employee to ensure that the Information Security Principles and related procedures are implemented in practice. Mandatory Information Security Training and Awareness courses for internal and external staff are regularly conducted and tracked to ensure that they are completed. To complement training, other channels are used to raise awareness, including a dedicated website, awareness videos, phishing campaigns, and cyber security road shows. Continual security monitoring of Deutsche Bank’s critical Information Technology (IT) systems and a 24-hour global security hotline for all employees and service providers to report cyber-security-related issues are in place to detect anomalies and potential security breaches.

Data privacy/protection

As a global financial services provider, we rely on global IT-based processes and applications. Data privacy/protection is, therefore, a material issue for us to safeguard the personal rights of our private clients and employees. Data Privacy is one dimension in our 3LoD program. We also analyze policy developments and, where necessary, initiate remedial measures or amend our controls framework.

A specialized, independent control function focuses on the permissibility of the collection, processing and use of personal information entrusted to a Bank with offices in Frankfurt am Main, New York, UK, Singapore and Berlin. It reports to the Management Board, with support from Data Privacy Officers in every country that we operate in.

In recent years, our focus has been on the Asia Pacific region, since many of these countries have enshrined data protection in law for the first time. In 2016, we will return our focus to Europe to fully support the implementation of the EU General Data Protection Regulation.