LVL1 <=> LVL2 references
Level 1 reference(s): 2022R2554_EN.16
Article 37 - ICT systems acquisition, development, and maintenance
The financial entities referred to in 2022 shall design and implement, where appropriate, a procedure governing the acquisition, development, and maintenance of ICT systems following a risk-based approach. That procedure shall:
(a) ensure that, before any acquisition or development of ICT systems takes place, the functional and non-functional requirements, including information security requirements, are clearly specified and approved by the business function concerned;
(b) ensure the testing and approval of ICT systems prior to their first use and before introducing changes to the production environment;
(c) identify measures to mitigate the risk of unintentional alteration or intentional manipulation of the ICT systems during development and implementation in the production environment.