+RTS ICT Risk Management T. III Ch. I Art. 29 Information security policy and measures
---+RTS ICT Risk Management T. III Ch. I Art. 29 , 1
---+RTS ICT Risk Management T. III Ch. I Art. 29 , 2
|
1. Overview
RTS ICT Risk Management T. III Ch. I Art. 29 Information security policy and measures
Information security policy and measures
| Summary |
Regulation |
|
RTS ICT Risk Management T. III Ch. I Art. 29 , 1
|
1. The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall develop, document, and implement an information security policy in the context of the simplified ICT risk management framework. That information security policy shall specify the high-level principles and rules to protect the confidentiality, integrity, availability, and authenticity of data and of the services those financial entities provide.
|
|
RTS ICT Risk Management T. III Ch. I Art. 29 , 2
|
2. Based on their information security policy referred to in paragraph 1, the financial entities referred to in paragraph 1 shall establish and implement ICT security measures to mitigate their exposure to ICT risk, including mitigating measures implemented by ICT third-party service providers.
The ICT security measures shall include all of the measures referred to in Articles 30 to 38.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|