Title 3 – Simplified ICT risk management framework for financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554
Chapter 1 – Simplified ICT risk management framework
Article 28– Governance and organisation
Article 29– Information security policy and measures
Article 30– Classification of information assets and ICT assets
Article 31– ICT risk management
Article 32– Physical and environmental security
Chapter 2 – Further elements of systems, protocols, and tools to minimise the impact of ICT risk
Article 33– Access Control
Article 34– ICT operations security
Article 35– Data, system and network security
Article 36– ICT security testing
Article 37– ICT systems acquisition, development, and maintenance
Article 38– ICT project and change management
Chapter 3 – ICT business continuity management
Article 39– Components of the ICT business continuity plan
Article 40– Testing of business continuity plans
Chapter 4 – Report on the review of the simplified ICT risk management framework
