Info

🔗 Back to Summary. 🇫🇷 French Version: 2024R1774_FR.36. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.

Article 35 – Data, system and network security ⬅️ | ➡️ Article 37 – ICT systems acquisition, development, and maintenance

Références LVL1 <=> LVL2

Level 1 reference(s): 2022R2554_EN.16

Article 36 - ICT security testing

1.

The financial entities referred to in 2022 shall establish and implement an ICT security testing plan to validate the effectiveness of their ICT security measures developed in accordance with Articles 33, 34 and 35 and Articles 37 and 38 of this Regulation. Financial entities shall ensure that that plan considers threats and vulnerabilities identified as part of the simplified ICT risk management framework referred to in Article 31 of this Regulation.

2.

The financial entities referred to in paragraph 1 shall review, asses and test ICT security measures, taking into consideration the overall risk profile of the ICT assets of the financial entity.

3.

The financial entities referred to in paragraph 1 shall monitor and evaluate the results of the security tests and update their security measures accordingly without undue delay in the case of ICT systems supporting critical or important functions.

NOMOX

Explorer

2024R1774_EN.36

Article 36 - ICT security testing

1.

2.

3.

Table of Contents

Backlinks