Source: OJ L, 2024/1774, 25.6.2024
ENRecital 21 Comprehensive triggers for ICT-related incidents
To ensure that ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; are detected in time, financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation should consider the criteria identified for triggering the detection of and responses to ICT-related incidents means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; as not exhaustive. Moreover, while financial entitiesas defined in Article 2, points (a) to (t) should consider each of those criteria, the circumstances described in the criteria should not need to occur simultaneously and the importance of the affected ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; should be appropriately considered to trigger ICT-related incident means a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; detection and response processes.