Source: OJ L, 2024/1774, 25.6.2024Current language: DE
- Digital operational resilience in the financial sector
ICT risk management
- RTS on ICT risk management framework
Artikel 5 Verfahren für das Management von IKT-Assets
Summary What does Article 5 of the RTS on ICT risk management framework say?
Article 5 sits closely alongside Article 4, which establishes the policy on ICT asset management.
Where Article 4 sets out the policy framework and record-keeping requirements, Article 5 focuses on the operational procedure that financial entities must put in place to actually manage those assets.
The core of the article is a requirement to define the criteria for assessing how critical information assets and ICT assets are, anchored in two considerations: the ICT risk associated with the business functions that depend on those assets, and the potential business impact if the confidentiality, integrity, or availability of those assets were to be lost.
Important points:
- Develop, document, and implement a procedure for the management of ICT assets.
- The procedure must set out the criteria for conducting a criticality assessment of both information assets and ICT assets that support business functions.
- That criticality assessment must account for both the ICT risk tied to dependent business functions and the potential business impact of losing confidentiality, integrity, or availability of those assets.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Die Finanzunternehmen entwickeln, dokumentieren und implementieren ein Verfahren für das Management von IKT-Assets.
In dem in Absatz 1 genannten Verfahren für das Management von IKT-Assets werden die Kriterien festgelegt, nach denen die Bewertung der Kritikalität von Informationsassets und IKT-Assets, die Unternehmensfunktionen unterstützen, vorgenommen wird. Bei dieser Bewertung wird Folgendes berücksichtigt:
das IKT-Risiko im Zusammenhang mit diesen Unternehmensfunktionen und deren Abhängigkeit von den Informationsassets oder IKT-Assets;
mögliche Auswirkungen des Verlusts der Vertraulichkeit, Integrität und Verfügbarkeit solcher Informationsassets und IKT-Assets auf die Geschäftsprozesse und -tätigkeiten der Finanzunternehmen.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
Netzwerk- und Informationssystem
(En. network and information system)
Definition
Informationsasset
(En. information asset)
Definition
IKT-Asset
(En. ICT asset)
Definition
IKT-Risiko
(En. ICT risk)