Page 42 - Futures and Derivatives Industry Regulatory Developments (January 2024)
related to ICT risk management with a view to harmonise tools, methods, processes
and policies. These elements are complementary to those identified in DORA. The
RTS identify the key elements that financial entities subject to the simplified regime
and of lower scale, risk, size and complexity would need to have in place, setting out
a simplified ICT risk management framework. The RTS ensure the ICT risk
management requirements are harmonised among the different financial sectors.

RTS on criteria for the classification of ICT-related incidents
These RTS specify the criteria for the classification of major
ICT-related incidents, the approach for the classification of major incidents, the
materiality thresholds of each classification criterion, the criteria and materiality
thresholds for determining significant cyber threats, the criteria for competent
authorities to assess the relevance of incidents to competent authorities in other
Member States and the details of the incidents to be shared in this regard. The RTS
ensure a harmonised and simple process of classifying incident reports throughout the
financial sector.

RTS on ICT TPP policy
These RTS specify parts of the governance arrangements, risk management and
internal control framework that financial entities should have in place regarding the
use of ICT third-party service providers. They aim to ensure financial entities remain
in control of their operational risks, information security and business continuity
throughout the life cycle of contractual arrangements with such ICT third-party
service providers.

ITS on the register of information
Finally, the ITS set out the templates to be maintained and updated by financial
entities in relation to their contractual arrangements with ICT third-party service
providers. The register of information will play a crucial role in the ICT third-party