ICT project and change management


  1. The financial entitiesas defined in Article 2, points (a) to (t) referred to in Article 16(1) of Regulation (EU) 2022/2554 shall develop, document, and implement an ICT project management procedure and shall specify the roles and responsibilities for its implementation. That procedure shall cover all stages of the ICT projects from their initiation to their closure.

  2. The financial entitiesas defined in Article 2, points (a) to (t) referred to in paragraph 1 shall develop, document, and implement an ICT change management procedure to ensure that all changes to ICT systems are recorded, tested, assessed, approved, implemented, and verified in a controlled manner and with the adequate safeguards to preserve the financial entity’s digital operational resiliencethe ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions.