Info
🔗 Back to Summary. 🇫🇷 French Version: 2020R1230_FR.22. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.
Article 21 – Outsourcing ⬅️ | ➡️ Article 23 – Verification procedures
Article 22 - Security
(1) An application for registration as a securitisation repository shall contain proof of the following:
(a)
that its information technology systems are protected from misuse or unauthorised access;
(b)
that its information systems as defined in EU of the European Parliament and of the Council
are protected against attacks;
(c)
that unauthorised disclosure of confidential information is prevented;
(d)
that the security and integrity of the information received by it under Regulation (EU) 2017/2402 is ensured.
(2) The application shall contain proof that the applicant has arrangements in place to identify and manage the risks referred to in paragraph 1 in a prompt and timely manner.
(3) With respect to breaches in the physical and electronic security measures referred to in paragraphs 1 and 2, the application shall contain proof that the applicant has arrangements in place to do the following in a prompt and timely manner:
(a)
to notify ESMA of the incident giving rise to the breach;
(b)
to provide ESMA with an incident report, indicating the nature and details of the incident, the measures adopted to cope with the incident and the initiatives taken to prevent similar incidents;
(c)
to notify its users of the incident where they have been affected by the breach.