+RTS ICT Risk Management T. II Ch. I Sec. 7 Art. 15 , 2
|
1. Overview
RTS ICT Risk Management T. II Ch. I Sec. 7 Art. 15 , 2
2. The ICT project management policy referred to in paragraph 1 shall specify the elements that ensure the effective management of the ICT projects related to the acquisition, maintenance and, where applicable, development of the financial entity’s ICT systems.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|
NOREA
|
ICT Project Management Practices
Ensure effective management of ICT projects related to acquisition, maintenance, and, where applicable, development of ICT systems, through a project management policy. The ICT project plan shall include: clear project objectives, project governance structure, roles and responsibilities, defined timeframe and steps, key project milestones, and change management requirements. Specify requirements for project team members, ensuring the inclusion of staff from business activities or functions impacted by the project. Team members must possess the knowledge to ensure the secure and successful project implementation. Establish reporting requirements, including periodic reporting on the establishment and progress of projects impacting critical or important functions, along with their associated risks. Reporting shall be done periodically and, where necessary, on an eventdriven basis, considering the importance and size of the ICT projects and the project risk assessment.
|
|
NOREA
|
Project Risk Management
Perform a risk assessment of the ICT project. Conduct testing of all project management requirements, including security requirements. Establish an approval process for deploying to the production environment.
|
|