Business continuity and recovery plans


Efficient business continuity and recovery plans are necessary to allow financial entitiesas defined in Article 2, points (a) to (t) to promptly and quickly resolve ICT-related incidentsmeans a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity;, in particular cyber-attacksmeans a malicious ICT-related incident caused by means of an attempt perpetrated by any threat actor to destroy, expose, alter, disable, steal or gain unauthorised access to, or make unauthorised use of, an asset;, by limiting damage and giving priority to the resumption of activities and recovery actions in accordance with their back-up policies. However, such resumption should in no way jeopardise the integrity and security of the network and information systemsmeans a network and information system as defined in Article 6, point 1, of Directive (EU) 2022/2555; or the availability, authenticity, integrity or confidentiality of data.