Commission Delegated Regulation that supports DORA regulation
Full Text of CDR 2024-1774
Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
Article 38 – ICT project and change management
- The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall develop, document, and implement an ICT project management procedure and shall specify the roles and responsibilities for its implementation. That procedure shall cover all stages of the ICT projects from their initiation to their closure.
- The financial entities referred to in paragraph 1 shall develop, document, and implement an ICT change management procedure to ensure that all changes to ICT systems are recorded, tested, assessed, approved, implemented, and verified in a controlled manner and with the adequate safeguards to preserve the financial entity’s digital operational resilience.