2. RISK MANAGEMENT POLICY

2.1 Risk management framework

2.1.1. For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555, the relevant entities shall establish and maintain an appropriate risk management framework to identify and address the risks posed to the security of network and information systems. The relevant entities shall perform and document risk assessments and, based on the results, establish,

September 11th, 2024

2.2. Compliance monitoring

2.2.1. The relevant entities shall regularly review the compliance with their policies on network and information system security, topic-specific policies, rules, and standards. The management bodies shall be informed of the status of network and information security on the basis of the compliance reviews by means of regular reporting. 2.2.2. The relevant entities shall put

September 11th, 2024

2.3 Independent review of information and network security

2.3.1. The relevant entities shall review independently their approach to managing network and information system security and its implementation including people, processes and technologies. 2.3.2. The relevant entities shall develop and maintain processes to conduct independent reviews which shall be carried out by individuals with appropriate audit competence. The persons conducting the reviews shall not

September 11th, 2024