Source: OJ L, 2024/1774, 25.6.2024

Current language: EN

Article 14 Securing information in transit

Summary What does Article 14 of the RTS on ICT risk management framework say?

This article focuses on the protection of information in transit, requiring financial entities to develop and implement policies, procedures, protocols, and tools to preserve the availability, authenticity, integrity, and confidentiality of data as it moves across networks.

It sits within the broader set of data safeguarding obligations and connects directly to the data classification and ICT risk assessment processes established elsewhere in the regulation, as those results must form the basis of how these protections are designed.

Important points:

  • Develop, document, and implement policies and tools to protect information in transit, covering data confidentiality and integrity during network transmission, prevention and detection of data leakage, and confidentiality or non-disclosure arrangements with staff and third parties.
  • The design of these protections must be based on the results of the approved data classification and ICT risk assessment.
  • Confidentiality and non-disclosure arrangements must be implemented, documented, and regularly reviewed.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. As part of the safeguards to preserve the availability, authenticity, integrity and confidentiality of data, financial entities shall develop, document, and implement the policies, procedures, protocols, and tools to protect information in transit. Financial entities shall in particular ensure all of the following:

      1. the availability, authenticity, integrity and confidentiality of data during network transmission, and the establishment of procedures to assess compliance with those requirements;

      2. the prevention and detection of data leakages and the secure transfer of information between the financial entity and external parties;

      3. that requirements on confidentiality or non-disclosure arrangements reflecting the financial entity’s needs for the protection of information for both the staff of the financial entity and of third parties are implemented, documented, and regularly reviewed.

    1. Financial entities shall design the policies, procedures, protocols, and tools to protect the information in transit referred to in paragraph 1 on the basis of the results of the approved data classification and of the ICT risk assessment.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod