+RTS ICT Third-Party Service Providers Art. 5, 3
|
1. Overview
RTS ICT Third-Party Service Providers Art. 5, 3
The risk assessment shall take into account all the relevant requirements laid down in Regulation (EU) 2022/2554 and applicable sectoral Union legislation. It shall consider, in particular, the impact of the provision of ICT services supporting critical or important functions by ICT third-party service providers on the financial entity and all the risks posed by the provision of those ICT services supporting critical or important functions by ICT third-party service providers, including the following:
- (a) operational risks;
- (b) legal risks;
- (c) ICT risks;
- (d) reputational risks;
- (e) risks linked to the protection of confidential or personal data;
- (f) risks linked to the availability of data;
- (g) risks linked to the location where the data is processed and stored;
- (h) risks linked to the location of the ICT third-party service provider;
- (i) ICT concentration risks at entity level.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|