Source: OJ L, 2024/1774, 25.6.2024Current language: DE
- Digital operational resilience in the financial sector
ICT risk management
- RTS on ICT risk management framework
Artikel 30 Klassifizierung von Informations- und IKT-Assets
Summary What does Article 30 of the RTS on ICT risk management framework say?
This article sits within the simplified ICT risk management framework applicable to a specific subset of financial entities under Article 16(1) of DORA.
It establishes the foundational mapping exercise those entities must carry out: identifying, classifying, and documenting their critical or important functions alongside the information and ICT assets that support them, including how those assets interrelate.
It also separately requires those same entities to identify which of their critical or important functions are supported by ICT third-party service providers.
This article effectively underpins much of what follows in the simplified framework, as knowing what you have and what depends on what is a prerequisite for managing risk.
Important points:
- Identify, classify, and document all critical or important functions, their supporting information and ICT assets, and the interdependencies between them, reviewing this as needed.
- Identify all critical or important functions that are supported by ICT third-party service providers.
- This obligation applies to financial entities operating under the simplified ICT risk management framework, not all financial entities covered by DORA.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Im Zuge des in Artikel 16 Absatz 1 Buchstabe a der Verordnung (EU) 2022/2554 genannten vereinfachten IKT-Risikomanagementrahmens ermitteln, klassifizieren und dokumentieren die in Absatz 1 jenes Artikels genannten Finanzunternehmen alle kritischen oder wichtigen Funktionen, die Informations- und IKT-Assets, die diese Funktionen unterstützen, und deren wechselseitige Abhängigkeiten. Die Finanzunternehmen überprüfen diese Ermittlung und Klassifizierung bei Bedarf.
Die in Absatz 1 genannten Finanzunternehmen ermitteln alle kritischen oder wichtigen Funktionen, die von IKT-Drittdienstleistern unterstützt werden.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
kritische oder wichtige Funktion
(En. critical or important function)
Definition
Netzwerk- und Informationssystem
(En. network and information system)
Definition
IKT-Drittdienstleister
(En. ICT third-party service provider)
Definition
IKT-Asset
(En. ICT asset)
Definition
IKT-Dienstleistungen
(En. ICT services)