Beta

Source: OJ L, 2024/2956, 2.12.2024

EN

Annex III

Type of ICT services

When referring to a type of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; in the templates of the register of information, only the identifier (from S01 to S19) of the relevant type of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; shall be reported.

Identifier

Type of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services;

Description

S01

  • ICT project management

Provision of services related to Project Management Officer (PMO).

S02

  • ICT Development

Provision of services related to: business analysis, software means the part of an electronic information system which consists of computer code; design and development, testing.

S03

  • ICT help desk and first level support

Provision of services related to: helpdesk support and first level support on ICT incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;

S04

  • ICT security management services

Provision of services related to: ICT security (protection, detection, response and recovering), including security incident handling means any actions and procedures aiming to prevent, detect, analyse, and contain or to respond to and recover from an incident; and forensics.

S05

  • Provision of data

Subscription to the services of data providers. (digital data service)

S06

  • Data analysis

Provision of services related to the support for data analysis. (digital data service)

S07

  • ICT, facilities and hosting services (excluding Cloud services)

Provision of ICT infrastructure, facilities and hosting services, including the provision of utilities (energy, heat management etc.), telecom access and physical security (excluding cloud services), payment-processing activities, or operating payment infrastructures

S08

  • Computation

Provision of digital processing capabilities (including data computation), excluding the computation services performed in the context of a cloud environment.

S09

  • Non-Cloud Data storage

Provision of data storage platform (excluding cloud services).

S10

  • Telecom carrier

Operations for telecommunication systems and flow management. Traditional analogue telephone services are explicitly excluded pursuant to Article 3, point (21), of Regulation (EU) 2022/2554

S11

  • Network infrastructure

Provision of network infrastructure

S12

  • Hardware means a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; and physical devices

Provision of workstations, phones, servers, data storage devices, appliances, etc. in a form of a service

S13

  • Software means the part of an electronic information system which consists of computer code; licencing (excluding SaaS)

Provision of software means the part of an electronic information system which consists of computer code; run on premises.

S14

  • ICT operation management (including maintenance)

Provision of services related to: infrastructure (systems and hardware means a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; except network) configuration, maintenance, installing, capacity management, business continuity management, etc.

Including Managed Service Providers means an entity that provides services related to the installation, management, operation or maintenance of ICT products, networks, infrastructure, applications or any other network and information systems, via assistance or active administration carried out either on customers’ premises or remotely; (MSP)

S15

  • ICT Consulting

Provision of intellectual / ICT expertise services.

S16

  • ICT Risk means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management

Verification of compliance with ICT risk means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management requirements in accordance with Article 6(10) of Regulation (EU) 2022/2554

S17

  • Cloud services: IaaS

Infrastructure-as-a-Service

S18

  • Cloud services: PaaS

Platform-as-a-Service

S19

  • Cloud services: SaaS

Software-as-a-Service

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod