Source: OJ L, 2025/1190, 18.6.2025

Current language: EN

Annex II Content of the scope specification document (Article 9(6))

  1. The scope specification document shall contain a list of all critical or important functions identified by the financial entity.

  2. For each identified critical or important function, the following information shall be included:

    1. where the critical or important function is not included in the scope of the TLPT, the explanation of the reasons for which it is not included;

    2. where the critical or important function is included in the scope of the TLPT:

      1. the explanation of the reasons for its inclusion;

      2. the identified ICT system(s) supporting that critical or important function;

      3. for each identified ICT system:

        1. whether it is outsourced and if so, the name of the ICT third party service provider;

        2. the jurisdictions in which the ICT system is used;

        3. a high-level description of preliminary flag(s), indicating which security aspect of confidentiality, integrity, authenticity or availability is covered by each flag.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod