Commission Delegated Regulation that supports DORA regulation
Full Text of CDR 2024-1774
Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
Article 30 – Classification of information assets and ICT assets
- As part of the simplified ICT risk management framework referred to in Article 16(1), point (a), of Regulation (EU) 2022/2554, the financial entities referred to in paragraph 1 of that Article shall identify, classify, and document all critical or important functions, the information assets and ICT assets supporting them and their interdependencies. Financial entities shall review that identification and classification as needed.
- The financial entities referred to in paragraph 1 shall identify all critical or important functions supported by ICT third-party service providers