Art. 5 ICT asset management procedure | RTS on ICT risk management framework | DORA

1. Financial entitiesas defined in Article 2, points (a) to (t) shall develop, document, and implement a procedure for the management of ICT assets means a software or hardware asset in the network and information systems used by the financial entity;.
1. The procedure for management of ICT assets means a software or hardware asset in the network and information systems used by the financial entity; referred to in paragraph 1 shall specify the criteria to perform the criticality assessment of information assets means a collection of information, either tangible or intangible, that is worth protecting; and ICT assets means a software or hardware asset in the network and information systems used by the financial entity; supporting business functions. That assessment shall take into account:
  1. the ICT risk means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; related to those business functions and their dependencies on the information assets means a collection of information, either tangible or intangible, that is worth protecting; or ICT assets means a software or hardware asset in the network and information systems used by the financial entity;;
  2. how the loss of confidentiality, integrity, and availability of such information assets means a collection of information, either tangible or intangible, that is worth protecting; and ICT assets means a software or hardware asset in the network and information systems used by the financial entity; would impact the business processes and activities of the financial entitiesas defined in Article 2, points (a) to (t).