Beta

Source: OJ L, 2024/1774, 25.6.2024

EN

Recital 10 Production and development environment separation

ICT operations security and operational policies, procedures, protocols, and tools are essential to ensure the confidentiality, integrity, and availability of data. One pivotal aspect is the strict separation of ICT production environments from the environments where ICT systems are developed and tested or from other non-production environments. That separation should serve as an important ICT security measure against unintended and unauthorised access to, modifications of, and deletions of data in the production environment, which could result in major disruptions in the business operations of financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation. However, considering current ICT system development practices, in exceptional circumstances, financial entitiesas defined in Article 2, points (a) to (t) should be allowed to test in production environments, provided that they justify such testing and obtain the required approval.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod