Article 17 ICT-related incident management process

---

Financial entitiesas defined in Article 2, points (a) to (t) shall define, establish and implement an ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; management process to detect, manage and notify ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;.

Financial entitiesas defined in Article 2, points (a) to (t) shall record all ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; and significant cyber threats means a cyber threat which, based on its technical characteristics, can be assumed to have the potential to have a severe impact on the network and information systems of an entity or the users of the entity’s services by causing considerable material or non-material damage;. Financial entitiesas defined in Article 2, points (a) to (t) shall establish appropriate procedures and processes to ensure a consistent and integrated monitoring, handling and follow-up of ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;, to ensure that root causes are identified, documented and addressed in order to prevent the occurrence of such incidents means an event compromising the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems;.

1. put in place early warning indicators;

2. establish procedures to identify, track, log, categorise and classify ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; according to their priority and severity and according to the criticality of the services impacted, in accordance with the criteria set out in Article 18(1);

3. assign roles and responsibilities that need to be activated for different ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; types and scenarios;

4. set out plans for communication to staff, external stakeholders and media in accordance with Article 14 and for notification to clients, for internal escalation procedures, including ICT-related customer complaints, as well as for the provision of information to financial entitiesas defined in Article 2, points (a) to (t) that act as counterparts, as appropriate;

5. ensure that at least major ICT-related incidents means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity; are reported to relevant senior management and inform the management body means a management body as defined in Article 4(1), point (36), of Directive 2014/65/EU, Article 3(1), point (7), of Directive 2013/36/EU, Article 2(1), point (s), of Directive 2009/65/EC of the European Parliament and of the Council (^31^), Article 2(1), point (45), of Regulation (EU) No 909/2014, Article 3(1), point (20), of Regulation (EU) 2016/1011, and in the relevant provision of the Regulation on markets in crypto-assets, or the equivalent persons who effectively run the entity or have key functions in accordance with relevant Union or national law; Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32). of at least major ICT-related incidents means an ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity;, explaining the impact, response and additional controls to be established as a result of such ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;;

6. establish ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; response procedures to mitigate impacts and ensure that services become operational and secure in a timely manner.