Commission Delegated Regulation that supports DORA regulation
Full Text of CDR 2024-1774
Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
Article 5 – ICT asset management procedure
- Financial entities shall develop, document, and implement a procedure for the management of ICT assets.
- The procedure for management of ICT assets referred to in paragraph 1 shall specify the criteria to perform the criticality assessment of information assets and ICT assets supporting business functions. That assessment shall take into account:
- the ICT risk related to those business functions and their dependencies on the information assets or ICT assets;
- how the loss of confidentiality, integrity, and availability of such information assets and ICT assets would impact the business processes and activities of the financial entities.