Commission Delegated Regulation that supports DORA regulation
Full Text of CDR 2024-1774
Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
Article 14 – Securing information in transit
- As part of the safeguards to preserve the availability, authenticity, integrity and confidentiality of data, financial entities shall develop, document, and implement the policies, procedures, protocols, and tools to protect information in transit. Financial entities shall in particular ensure all of the following:
- the availability, authenticity, integrity and confidentiality of data during network transmission, and the establishment of procedures to assess compliance with those requirements;
- the prevention and detection of data leakages and the secure transfer of information between the financial entity and external parties;
- that requirements on confidentiality or non-disclosure arrangements reflecting the financial entity’s needs for the protection of information for both the staff of the financial entity and of third parties are implemented, documented, and regularly reviewed.
- Financial entities shall design the policies, procedures, protocols, and tools to protect the information in transit referred to in paragraph 1 on the basis of the results of the approved data classification and of the ICT risk assessment.