Source: OJ L, 2024/1774, 25.6.2024
Recital 16 ICT security testing
It is necessary to ensure that software packages that financial entities referred to in Title II of this Regulation acquire and develop are effectively and securely integrated into the existing ICT environment, in accordance with established business and information security objectives. Financial entities should therefore thoroughly evaluate such software packages. For that purpose, and to identify vulnerabilities and potential security gaps within both software packages and the broader ICT systems, financial entities should carry out ICT security testing. To assess the integrity of the software and to ensure that the use of that software does not pose ICT security risks, financial entities should also review source codes of software acquired, including, where feasible, of proprietary software provided by ICT third-party service providers, using both static and dynamic testing methods.