Commission Delegated Regulation that supports DORA regulation
Full Text of CDR 2024-1774
Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
Article 9 – Capacity and performance management
- As part of the ICT security policies, procedures, protocols, and tools referred to in Article 9(2) of Regulation (EU) 2022/2554, financial entities shall develop, document, and implement capacity and performance management procedures for the following:
- the identification of capacity requirements of their ICT systems;
- the application of resource optimisation;
- the monitoring procedures for maintaining and improving:
- the availability of data and ICT systems;
- the efficiency of ICT systems;
- the prevention of ICT capacity shortages.
- The capacity and performance management procedures referred to in paragraph 1 shall ensure that financial entities take measures that are appropriate to cater for the specificities of ICT systems with long or complex procurement or approval processes or ICT systems that are resource-intensive.