Insurance · VAIT

Claims inbox. Counsel correspondence. In one stack.

MailGuard plus SecureMail for primary and reinsurers with VAIT context. Claims inbox, counsel mail, BaFin audit-ready. EU hosting. As of 2026.

At a glance (as of 2026)

Claims, sales and counsel in one platform.

  • Phishing in shared claims inboxes: BEC and URL-reputation layer at the inbox
  • Counsel mail as a manual risk step: SecureMail default straight from Outlook
  • VAIT audit without measure mapping: VAIT measures auditably documented

MailGuard for the claims inbox, SecureMail for counsel mail and special cases, Disclaimer for required insurer disclosures. VAIT context at the measure level.

Right for you if: Primary and reinsurers · BaFin supervision · VAIT context

  • 100 % EU hosting
  • VAIT context
  • § 80 VAG
  • 30 min. setup per mailbox

Compliance anchors

VAIT 8 information security · § 80 VAG IT systems · GDPR Art. 32 security · EIOPA outsourcing guidelines

Conbool supports VAIT and VAG requirements at the level of technical measures in the mail and data transport layer. Supervisory duties and the internal control system remain with the insurer.

Four building blocks for the insurer.

MailGuard for claims mail, SecureMail for counsel and special mail, DMARC for the brand, Disclaimer for required disclosures.

Typical workflows

Four scenarios from a working insurer.

From claim to counsel mail.

1. Protect the shared claims inbox against phishing

Forged insurer mail to the claims team luring policyholders into clicks is blocked by MailGuard at the authentication layer.

2. Send counsel mail encrypted

Litigation files and pleadings to outside counsel straight from Outlook, with S/MIME or web reader.

3. Expert reports to assessors

SecureFiles as a direct line for large expert-report bundles to external assessors.

4. BaFin audit trail

Audit log per GDPR Art. 30 as evidence of VAIT measures during IT audits.

Architecture

Conbool as an independent layer.

Conbool sits in front of Microsoft 365 or Exchange. Policy and claims systems remain unchanged.

MX switch

Inbound SMTP runs through Conbool, Microsoft 365 stays the back-end.

VAIT layer

Configuration is documentable as a technical measure in the VAIT measure plan.

SIEM hook

Audit log via standard connector to the insurer SIEM.

Coexistence

Conbool coexists with common policy and claims systems through Outlook and SMTP.

Compliance mapping

VAIT and § 80 VAG in technical terms.

VAIT formulates minimum requirements for the IT of insurers. Conbool covers measures at the mail and data layer.

VAIT 8 information security

Confidentiality, integrity and availability measures at the mail layer.

VAIT 6 outsourcing

DPA, sub-processor list and audit rights for Conbool as outsourcing service provider.

§ 80 VAG IT systems

Conbool as a documentable technical component of business organisation.

EIOPA guidelines

EIOPA outsourcing guidelines reflected in the DPA.

Migration

Pilot in one line, then group rollout.

Pilot in one line or subsidiary, then group rollout via the Microsoft admin centre.

Pilot

One line or subsidiary starts, the rest stays unchanged.

Group rollout

Outlook add-in for all employees via the Microsoft admin centre.

Defence-in-depth

Conbool as an independent layer, optionally combined with Microsoft Defender.

Legacy sunset

Existing SEG or filter solution runs in parallel and is replaced step by step.

Frequently asked questions

How does Conbool fit VAIT?
VAIT formulates minimum requirements for insurer IT. Conbool delivers the measures at the mail and data layer and documents them auditably. Supervisory and ICS duties remain with the insurer.
What does outsourcing per VAIT 6 look like?
Conbool is an outsourcing service provider per VAIT 6 and ships DPA, sub-processor list and audit rights. EIOPA outsourcing guidelines are reflected in the DPA.
What about GDPR Art. 32?
Conbool supports the required protections from Art. 32 GDPR through encryption, EU hosting and audit log. DPA per Art. 28 GDPR included.
Can we run lines separately?
Yes. Conbool supports multi-tenant setups with separate policies per line or subsidiary, or one central tenant for the group.
What does Conbool cost for insurers?
Modular per function and per mailbox. Group volume discounts. Concrete pricing on request, depending on headcount and modules.
What about BaFin audits?
Conbool runs an audit log per GDPR Art. 30 with delivery, read and deletion events. In IT audits this can serve as evidence of VAIT measures.
Can we use SecureFiles for expert reports?
Yes. SecureFiles works as a direct line for large expert-report bundles to external assessors, with audit log per access and retention per claim.

Related industries

Conbool is in use in neighbouring industries with a similar compliance profile.

A VAIT-fit stack for the insurer.

Demo in 30 minutes. Pilot in one line. Modular by function.

Sources and date

Statements about VAIT are based on the BaFin Insurance Supervisory Requirements for IT in their respective version. Statements about § 80 VAG are based on the German Insurance Supervision Act. Statements about GDPR are based on Regulation (EU) 2016/679. Statements about EIOPA guidelines are based on publications of the European Insurance and Occupational Pensions Authority. As of 2026.

BaFin and EIOPA are designations of the respective supervisory authorities. Microsoft, Microsoft 365 and Outlook are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.