Article 1 Overall risk profile and complexity
When developing and implementing the ICT security policies, procedures, protocols and tools referred to in Title II and the simplified ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management framework referred to in Title III, the size and the overall risk profile of the financial entity, and the nature, scale and elements of increased or reduced complexity of its services, activities and operations shall be taken into account, including elements relating to:
-
encryption and cryptography;
-
ICT operations security;
-
network security;
-
ICT project and change management;
-
the potential impact of the ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; on confidentiality, integrity and availability of data, and of the disruptions on the continuity and availability of the financial entity’s activities.