Recital 62 Guiding rules for monitoring ICT third-party risk

To ensure a sound monitoring of ICT third-party risk means an ICT risk that may arise for a financial entity in relation to its use of ICT services provided by ICT third-party service providers or by subcontractors of the latter, including through outsourcing arrangements; in the financial sector, it is necessary to lay down a set of principle-based rules to guide financial entitiesas defined in Article 2, points (a) to (t)’ when monitoring risk arising in the context of functions outsourced to ICT third-party service providers means an undertaking providing ICT services;, particularly for ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; supporting critical or important functions means a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law;, as well as more generally in the context of all ICT third-party dependencies.