DORA
RTS ICT Risk Management
RTS ICT Incident classification
RTS Third Party ICT service policy
ITS Register of Information
RTS Harmonization of conditions
enabling the conduct of oversight activities RTS Joint examination teams RTS & ITS Major incident reporting RTS Subcontracting ICT services RTS Threat-led penetration testing GUIDELINES Estimation of aggregated
annual costs and losses GUIDELINES Oversight cooperation
and information exchange
enabling the conduct of oversight activities RTS Joint examination teams RTS & ITS Major incident reporting RTS Subcontracting ICT services RTS Threat-led penetration testing GUIDELINES Estimation of aggregated
annual costs and losses GUIDELINES Oversight cooperation
and information exchange
TITLE II - FURTHER HARMONISATION OF ICT RISK MANAGEMENT TOOLS, METHODS, PROCESSES AND POLICIES IN ACCORDANCE WITH ARTICLE 15 OF REGULATION (EU) 2022/2554
CHAPTER I
ICT SECURITY POLICIES, PROCEDURES, PROTOCOLS, AND TOOLS
CHAPTER II HUMAN RESOURCES POLICY AND ACCESS CONTROL
CHAPTER III ICT-RELATED INCIDENT DETECTION AND RESPONSE
CHAPTER IV ICT BUSINESS CONTINUITY MANAGEMENT
CHAPTER V REPORT ON THE ICT RISK MANAGEMENT FRAMEWORK REVIEW
ICT SECURITY POLICIES, PROCEDURES, PROTOCOLS, AND TOOLS
SECTION I
SECTION II SECTION III ICT ASSET MANAGEMENT SECTION IV ENCRYPTION AND CRYPTOGRAPHY SECTION V ICT OPERATIONS SECURITY
SECTION VI NETWORK SECURITY
SECTION VII ICT PROJECT AND CHANGE MANAGEMENT
SECTION VIII
SECTION II SECTION III ICT ASSET MANAGEMENT SECTION IV ENCRYPTION AND CRYPTOGRAPHY SECTION V ICT OPERATIONS SECURITY
08 Policies and procedures for ICT operations
09 Capacity and performance management
10 vulnerability and patch management
11 Data and system security
12 Logging
15 ICT project and change management
16 ICT systems acquisition, development, and maintenance
17 ICT change management
TITLE III SIMPLIFIED ICT RISK MANAGEMENT FRAMEWORK FOR FINANCIAL ENTITIES REFERRED TO IN ARTICLE 16(1) OF REGULATION (EU) 2022/2554
38 ICT project and change management
1)
The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall develop, document, and implement an ICT project management procedure and shall specify the roles and responsibilities for its implementation. That procedure shall cover all stages of the ICT projects from their initiation to their closure.
2)
The financial entities referred to in paragraph 1 shall develop, document, and implement an ICT change management procedure to ensure that all changes to ICT systems are recorded, tested, assessed, approved, implemented, and verified in a controlled manner and with the adequate safeguards to preserve the financial entity’s digital operational resilience.
Chapter II (Articles 5 - 10)
General Provisions
Section I
Article 1
Backup policies and procedures, restoration and recovery procedures and methods
Article 2
Subject matter
Article 999
Testing of ICT tools and systems
Section II
Article 1
Backup policies and procedures, restoration and recovery procedures and methods
Article 2
Subject matter
Article 999
Testing of ICT tools and systems