Beta

Source: OJ L, 2024/1774, 25.6.2024

EN

Recital 7 Policies and procedures on operations, assets and capacity management

To ensure their digital operational resilience means the ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions;, financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation should, as part of their ICT security policies, procedures, protocols, and tools, develop and implement an ICT asset means a software or hardware asset in the network and information systems used by the financial entity; management policy, capacity and performance management procedures, and policies and procedures for ICT operations. Those policies and procedures are necessary to ensure the monitoring of the status of ICT assets means a software or hardware asset in the network and information systems used by the financial entity; throughout their lifecycles, so that those assets are used and maintained effectively (ICT asset means a software or hardware asset in the network and information systems used by the financial entity; management). Those policies and procedures should also ensure the optimisation of ICT systems’ operation and that the ICT systems’ and capacity’s performance meets the established business and information security objectives (capacity and performance management). Lastly, those policies and procedures should ensure the effective and smooth day-to-day management and operation of ICT systems (ICT operations), thereby minimising the risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; of loss of confidentiality, integrity, and availability of data. Those policies and procedures are thus necessary to ensure the security of networks, to provide for adequate safeguards against intrusions and data misuse, and to preserve the availability, authenticity, integrity, and confidentiality of data.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod