Source: OJ L, 2024/1774, 25.6.2024Current language: SV
- Digital operational resilience in the financial sector
ICT risk management
- RTS on ICT risk management framework
Artikel 30 Klassificering av informationstillgångar och IKT-tillgångar
Summary What does Article 30 of the RTS on ICT risk management framework say?
This article sits within the simplified ICT risk management framework applicable to a specific subset of financial entities under Article 16(1) of DORA.
It establishes the foundational mapping exercise those entities must carry out: identifying, classifying, and documenting their critical or important functions alongside the information and ICT assets that support them, including how those assets interrelate.
It also separately requires those same entities to identify which of their critical or important functions are supported by ICT third-party service providers.
This article effectively underpins much of what follows in the simplified framework, as knowing what you have and what depends on what is a prerequisite for managing risk.
Important points:
- Identify, classify, and document all critical or important functions, their supporting information and ICT assets, and the interdependencies between them, reviewing this as needed.
- Identify all critical or important functions that are supported by ICT third-party service providers.
- This obligation applies to financial entities operating under the simplified ICT risk management framework, not all financial entities covered by DORA.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Som en del av den förenklade IKT-riskhanteringsram som avses i artikel 16.1 a i förordning (EU) 2022/2554 ska de finansiella entiteter som avses i punkt 1 i den artikeln identifiera, klassificera och dokumentera alla kritiska eller viktiga funktioner, de informationstillgångar och IKT-tillgångar som stöder dem och deras ömsesidiga beroenden. Finansiella entiteter ska vid behov se över denna identifiering och klassificering.
De finansiella entiteter som avses i punkt 1 ska identifiera alla kritiska eller viktiga funktioner som stöds av tredjepartsleverantörer av IKT-tjänster.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
IKT-tillgång
(En. ICT asset)
Definition
IKT-tjänster
(En. ICT services)
Definition
tredjepartsleverantör av IKT-tjänster
(En. ICT third-party service provider)
Definition
informationstillgång
(En. information asset)
Definition
nätverks- och informationssystem
(En. network and information system)