Source: OJ L, 2025/1190, 18.6.2025
Recital 9 Secrecy of the TLPT
The secrecy of TLPT is of utmost importance to ensure that the conditions of the testing are realistic. For that reason, testing should be covert, and precautions should be taken to keep the TLPT confidential, including the choice of codenames that should be designed to prevent the identification of the TLPT by third parties. Should staff members responsible for the security of the financial team be aware of a planned or ongoing TLPT, it is likely that they would be more observant and alert than during normal working conditions, thereby resulting in an altered outcome of the testing. Staff members of the financial entity outside of the control team should therefore only be made aware of any planned or ongoing TLPT where there are cogent reasons and subject to the prior agreement of the test managers, inter alia to ensure the secrecy of the test in case a blue team member has detected the testing.

'control team' means the team composed of staff of the tested financial entity and, where relevant in consideration of the scope of the TLPT, staff of its third-party service providers and any other party, who manages the test;

'test managers' means staff designated to lead the activities of the TLPT authority for a specific TLPT to monitor compliance with this Regulation;

'blue team' means the staff of the financial entity and, where relevant, staff of the financial entity’s third-party service providers and any other party deemed relevant in consideration of the scope of the TLPT, of the financial entity’s third-party service providers, that are defending a financial entity's use of network and information systems by maintaining its security posture against simulated or real attacks and that is not aware of the TLPT;