Source: OJ L, 2024/1774, 25.6.2024

Current language: FR

Article 9 Gestion des capacités et des performances

Summary What does Article 9 of the RTS on ICT risk management framework say?

This article requires financial entities to put in place formal procedures for managing the capacity and performance of their ICT systems.

It sits within the broader ICT security framework established under Article 9(2) of DORA, and focuses on ensuring that ICT systems remain available and efficient, and that shortages are prevented before they arise.

A notable requirement is that these procedures must also account for ICT systems that are particularly resource-intensive or that involve lengthy procurement or approval processes, acknowledging that such systems carry unique operational risks.

Important points:

  • Develop, document, and implement capacity and performance management procedures covering the identification of ICT system capacity requirements, resource optimisation, and monitoring for availability, efficiency, and shortage prevention.
  • Ensure procedures specifically address ICT systems with long or complex procurement or approval processes, or those that are resource-intensive.
  • These obligations apply to financial entities as part of their wider ICT security policies under DORA.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Dans le cadre des politiques, procédures, protocoles et outils de sécurité des TIC visés à l’article 9, paragraphe 2, du règlement (UE) 2022/2554, les entités financières élaborent, documentent et mettent en œuvre des procédures de gestion des capacités et des performances pour:

      1. l’identification des besoins en capacités de leurs systèmes de TIC;

      2. la mise en œuvre de l’optimisation des ressources;

      3. les procédures de suivi visant à maintenir et à améliorer:

        1. la disponibilité des données et des systèmes de TIC;

        2. l’efficience des systèmes de TIC;

        3. la prévention des déficits de capacités en matière de TIC.

    1. Les procédures de gestion des capacités et des performances visées au paragraphe 1 garantissent que les entités financières prennent des mesures adéquates pour tenir compte des spécificités des systèmes de TIC soumis à des processus de passation de marchés ou d’approbation longs ou complexes ou des systèmes de TIC qui requièrent des ressources importantes.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod