Source: OJ L, 2024/1774, 25.6.2024Current language: FR
- Digital operational resilience in the financial sector
ICT risk management
- RTS on ICT risk management framework
Article 5 Procédure de gestion des actifs de TIC
Summary What does Article 5 of the RTS on ICT risk management framework say?
Article 5 sits closely alongside Article 4, which establishes the policy on ICT asset management.
Where Article 4 sets out the policy framework and record-keeping requirements, Article 5 focuses on the operational procedure that financial entities must put in place to actually manage those assets.
The core of the article is a requirement to define the criteria for assessing how critical information assets and ICT assets are, anchored in two considerations: the ICT risk associated with the business functions that depend on those assets, and the potential business impact if the confidentiality, integrity, or availability of those assets were to be lost.
Important points:
- Develop, document, and implement a procedure for the management of ICT assets.
- The procedure must set out the criteria for conducting a criticality assessment of both information assets and ICT assets that support business functions.
- That criticality assessment must account for both the ICT risk tied to dependent business functions and the potential business impact of losing confidentiality, integrity, or availability of those assets.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Les entités financières élaborent, documentent et mettent en œuvre une procédure de gestion des actifs de TIC.
La procédure de gestion des actifs de TIC visée au paragraphe 1 précise les critères utilisés pour procéder à l’évaluation de la criticité des actifs d’information et des actifs de TIC soutenant des fonctions «métiers». Cette évaluation tient compte:
du risque lié aux TIC associé à ces fonctions «métiers» et de leur dépendance à l’égard des actifs d’information ou des actifs de TIC;
de l’incidence que la perte de confidentialité, d’intégrité et de disponibilité de ces actifs d’information et actifs de TIC aurait sur les processus opérationnels et les activités des entités financières.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
sécurité des réseaux et des systèmes d’information
(En. security of network and information systems)
Definition
risque lié aux TIC
(En. ICT risk)
Definition
actif de TIC
(En. ICT asset)