Case Study:

Client needed to understand how they can become VAIT compliant.

The Client needed to understand why Service Mapping would be a benefit for their Critical Application Infrastructure and why it would help them meet the VAIT compliance outlined by BaFiN.

View PDFView VideoRead MoreRead More


Apps in Information Domain
VAIT Attribute Compliance
Service Mapping Business Case


" Information Domain gives us an excellent insight in to our VAIT completeness”


Gary B

Head of IT Service Transition

The Client needed to understand why Service Mapping would be a benefit for their Critical Application Infrastructure and why it would help them meet the VAIT compliance outlined by BaFiN.

This Client also needed an Information Domain to understand attributes for each application driven by the CMDB relationships. The Information Domain was a must for applications (critical and non-critical) to identify the related infrastructure. Without a way to understand the relationships driving an application and supporting entities and attributes, the Client would fail VAIT compliance. What do they have? What do they need?

Prior to a full Service Mapping project, Client requested CSX to undertake particular activities to understand how Service Mapping could benefit them. By performing a PoC, CSX were able to deliver valuable feedback to determine to the correct approach for a full Service Mapping project. We understood how identifying this vertical slice of infrastructure will meet the VAIT Compliance needs. CSX also delivered the Information Domain to demonstrate how CMDB relationships can be used as a comparison to a business application map.

How can we meet Compliance?

The Service Mapping Business case highlights why the Client should proceed with Service Mapping to ensure full VAIT compliance if audited as well as additional business benefits.  Our Business Case also recommended appropriate next steps as preparation for a Service Mapping project.  

The Information Domain provides a single view of VAIT attribute compliance per application.  This was driven from the 7 entities provided by the Client (examples are Information asset and Physical Properties).  The Information Domain considers completeness in this iteration with a view for further work to allow tracking of correctness in the future.  This is intended to provide VAIT compliance status using CMDB relationships rather than Service Mapping.

What does the Information Domain Provide?

Over 13.5k rows of data are used to populate the 450 applications within the Information Domain to review the attributes for each CI, based on their CMDB relationships, broken down in to the 7 entity categories.  

This provides audit information for over 30 VAIT attributes in scope.

What do we they now have?  What can they do in the future?

Going forward the Client can use the Information Domain to show VAIT compliance at an attribute level should they be audited by BaFin.

Should the Client decide to proceed with a Service Mapping project for full VAIT compliance, the business case is made with guidance upon how to best approach the project.

Key Client Information:

Over 2,000 ITIL users on ServiceNow

Staff Size:

Over 35,000 employees


Head office in Munich, Germany - Remote Project - BaFin regulations for VAIT Compliance

Snapshot Of Problem:

Client needed an Information Domain for VAIT Compliance and further understanding of the benefits brought by Service Mapping. BaFin provide protection consumers who buy financial products, use financial services, or who plan to do so VAIT aims at clarifying BaFin’s expectations with regard to governance requirements relating to information security and information technology. These requirements are a core supervisory component in the insurance and occupational pension sector in Germany.

Snapshot Of Solution:

Deliver an Information Domain without a reliance upon Service Mapping. Understand how Service Mapping can benefit the Client and provide a business case.

No items found.