DORA Ch. V Sec. II Art. 33 3.

1. Overview

3. The assessment referred to in paragraph 2 shall cover:

  • (a) ICT requirements to ensure, in particular, the security, availability, continuity, scalability and quality of services which the critical ICT third-party service provider provides to financial entities, as well as the ability to maintain at all times high standards of availability, authenticity, integrity or confidentiality of data;
  • (b) the physical security contributing to ensuring the ICT security, including the security of premises, facilities, data centres;
  • (c) the risk management processes, including ICT risk management policies, ICT business continuity policy and ICT response and recovery plans;
  • (d) the governance arrangements, including an organisational structure with clear, transparent and consistent lines of responsibility and accountability rules enabling effective ICT risk management;
  • (e) the identification, monitoring and prompt reporting of material ICT-related incidents to financial entities, the management and resolution of those incidents, in particular cyber-attacks;
  • (f) the mechanisms for data portability, application portability and interoperability, which ensure an effective exercise of termination rights by the financial entities;
  • (g) the testing of ICT systems, infrastructure and controls;
  • (h) the ICT audits;
  • (i) the use of relevant national and international standards applicable to the provision of its ICT services to the financial entities.

1.1 References

1.2 Identified Requirements

1.3 Related Standards

2. Identified Requirements


3. Related Standards
