In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are:
- appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the proportionality principle as referred to in Article 4;
- reliable;
- equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services, and to deal with peak orders, message or transaction volumes, as needed, including where new technology is introduced;
- technologically resilient in order to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations.