Source: OJ L, 2024/1774, 25.6.2024Current language: FR
- Digital operational resilience in the financial sector
ICT risk management
- RTS on ICT risk management framework
Article 30 Classification des actifs informationnels et des actifs de TIC
Summary What does Article 30 of the RTS on ICT risk management framework say?
This article sits within the simplified ICT risk management framework applicable to a specific subset of financial entities under Article 16(1) of DORA.
It establishes the foundational mapping exercise those entities must carry out: identifying, classifying, and documenting their critical or important functions alongside the information and ICT assets that support them, including how those assets interrelate.
It also separately requires those same entities to identify which of their critical or important functions are supported by ICT third-party service providers.
This article effectively underpins much of what follows in the simplified framework, as knowing what you have and what depends on what is a prerequisite for managing risk.
Important points:
- Identify, classify, and document all critical or important functions, their supporting information and ICT assets, and the interdependencies between them, reviewing this as needed.
- Identify all critical or important functions that are supported by ICT third-party service providers.
- This obligation applies to financial entities operating under the simplified ICT risk management framework, not all financial entities covered by DORA.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Au titre du cadre simplifié de gestion du risque lié aux TIC visé à l’article 16, paragraphe 1, point a), du règlement (UE) 2022/2554, les entités financières visées au paragraphe 1 dudit article identifient, classent et documentent toutes les fonctions critiques ou importantes, les actifs informationnels et les actifs de TIC qui les soutiennent ainsi que leurs interdépendances. Les entités financières réexaminent cette identification et cette classification en tant que de besoin.
Les entités financières visées au paragraphe 1 identifient toutes les fonctions critiques ou importantes soutenues par des prestataires tiers de services TIC.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
actif informationnel
(En. information asset)
Definition
sécurité des réseaux et des systèmes d’information
(En. security of network and information systems)
Definition
services TIC
(En. ICT services)
Definition
risque lié aux TIC
(En. ICT risk)
Definition
prestataire tiers de services TIC
(En. ICT third-party service provider)
Definition
fonction critique ou importante
(En. critical or important function)
Definition
actif de TIC
(En. ICT asset)