Beta

Source: OJ L 333, 27.12.2022, p. 1–79

EN

Recital 92 Financial entities' responsibility of oversight of critical ICT third-party service providers

The Oversight Framework should not replace, or in any way or for any part substitute for, the requirement for financial entitiesas defined in Article 2, points (a) to (t) to manage themselves the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; entailed by the use of ICT third-party service providers means an undertaking providing ICT services;, including their obligation to maintain an ongoing monitoring of contractual arrangements concluded with critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;. Similarly, the Oversight Framework should not affect the full responsibility of financial entitiesas defined in Article 2, points (a) to (t) for complying with, and discharging, all the legal obligations laid down in this Regulation and in the relevant financial services law.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod