Article 14 Securing information in transit
-
As part of the safeguards to preserve the availability, authenticity, integrity and confidentiality of data, financial entitiesas defined in Article 2, points (a) to (t) shall develop, document, and implement the policies, procedures, protocols, and tools to protect information in transit. Financial entitiesas defined in Article 2, points (a) to (t) shall in particular ensure all of the following:
-
the availability, authenticity, integrity and confidentiality of data during network transmission, and the establishment of procedures to assess compliance with those requirements;
-
the prevention and detection of data leakages and the secure transfer of information between the financial entity and external parties;
-
that requirements on confidentiality or non-disclosure arrangements reflecting the financial entity’s needs for the protection of information for both the staff of the financial entity and of third parties are implemented, documented, and regularly reviewed.
-
-
Financial entitiesas defined in Article 2, points (a) to (t) shall design the policies, procedures, protocols, and tools to protect the information in transit referred to in paragraph 1 on the basis of the results of the approved data classification and of the ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; assessment.