RTS ICT Risk Management T. III Ch. I Art. 31, 1
1. Overview
1. The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall include in their simplified ICT risk management framework all of the following:
- (a) a determination of the risk tolerance levels for ICT risk, in accordance with the risk appetite of the financial entity;
- (b) the identification and assessment of the ICT risks to which the financial entity is exposed;
- (c) the specification of mitigation strategies at least for the ICT risks that are not within the risk tolerance levels of the financial entity;
- (d) the monitoring of the effectiveness of the mitigation strategies referred to in point (c);
- (e) the identification and assessment of any ICT and information security risks resulting from any major change in ICT system or ICT services, processes, or procedures, and from ICT security testing results and after any major ICT-related incident.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Standards
Standards
| Source | Requirement |