    Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 Dec... (32022R2554)
    EU legal acts: 06 Right of establishment and freedom to provide services
    7.   In accordance with Article 16 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, the ESAs shall by 17 July 2024 issue, for the purposes of this Section, guidelines on the cooperation between the ESAs and the competent authorities covering the detailed procedures and conditions for the allocation and execution of tasks between competent authorities and the ESAs and the details on the exchanges of information which are necessary for competent authorities to ensure the follow-up of recommendations pursuant to Article 35(1), point (d), addressed to critical ICT third-party service providers.
    8.   The requirements set out in this Section shall be without prejudice to the application of Directive (EU) 2022/2555 and of other Union rules on oversight applicable to providers of cloud computing services.
    9.   The ESAs, through the Joint Committee and based on preparatory work conducted by the Oversight Forum, shall, on a yearly basis, submit a report on the application of this Section to the European Parliament, the Council and the Commission.

    Article 33

    Tasks of the Lead Overseer

    1.   The Lead Overseer, appointed in accordance with Article 31(1), point (b), shall conduct the oversight of the assigned critical ICT third-party service providers and shall be, for the purposes of all matters related to the oversight, the primary point of contact for those critical ICT third-party service providers.
    2.   For the purposes of paragraph 1, the Lead Overseer shall assess whether each critical ICT third-party service provider has in place comprehensive, sound and effective rules, procedures, mechanisms and arrangements to manage the ICT risk which it may pose to financial entities.
    The assessment referred to in the first subparagraph shall focus mainly on ICT services provided by the critical ICT third-party service provider supporting the critical or important functions of financial entities. Where necessary to address all relevant risks, that assessment shall extend to ICT services supporting functions other than those that are critical or important.
    3.   The assessment referred to in paragraph 2 shall cover:
    (a) ICT requirements to ensure, in particular, the security, availability, continuity, scalability and quality of services which the critical ICT third-party service provider provides to financial entities, as well as the ability to maintain at all times high standards of availability, authenticity, integrity or confidentiality of data;
    (b) the physical security contributing to ensuring the ICT security, including the security of premises, facilities, data centres;
    (c) the risk management processes, including ICT risk management policies, ICT business continuity policy and ICT response and recovery plans;
    (d) the governance arrangements, including an organisational structure with clear, transparent and consistent lines of responsibility and accountability rules enabling effective ICT risk management;
    (e) the identification, monitoring and prompt reporting of material ICT-related incidents to financial entities, the management and resolution of those incidents, in particular cyber-attacks;
    (f) the mechanisms for data portability, application portability and interoperability, which ensure an effective exercise of termination rights by the financial entities;
    (g) the testing of ICT systems, infrastructure and controls;
    (h) the ICT audits;
    (i) the use of relevant national and international standards applicable to the provision of its ICT services to the financial entities.