Source: OJ L, 2024/1773, 25.6.2024
ENRecital 9 Planning
To mitigate the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; identified, the policy should specify the planning of contractual arrangements, including the risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment, the due diligence, and the approval process for new or material changes to those contractual arrangements. In order to manage the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; that may arise before entering into a contractual arrangement with an ICT third-party service provider means an undertaking providing ICT services;, the policy should specify an appropriate and proportionate process to select and assess the suitability of prospective ICT third-party service providers means an undertaking providing ICT services; and require that the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; takes into account a non-exhaustive list of elements that the ICT third-party service providers means an undertaking providing ICT services; should have in place. The list should include elements related to the business reputation of the service providers, their financial, human and technical resources, their information-security, their organisational structure, including risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management, and their internal controls.