Article 5 ICT asset management procedure
-
Financial entitiesas defined in Article 2, points (a) to (t) shall develop, document, and implement a procedure for the management of ICT assetsmeans a software or hardware asset in the network and information systems used by the financial entity;.
-
The procedure for management of ICT assetsmeans a software or hardware asset in the network and information systems used by the financial entity; referred to in paragraph 1 shall specify the criteria to perform the criticality assessment of information assetsmeans a collection of information, either tangible or intangible, that is worth protecting; and ICT assetsmeans a software or hardware asset in the network and information systems used by the financial entity; supporting business functions. That assessment shall take into account:
-
the ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; related to those business functions and their dependencies on the information assetsmeans a collection of information, either tangible or intangible, that is worth protecting; or ICT assetsmeans a software or hardware asset in the network and information systems used by the financial entity;;
-
how the loss of confidentiality, integrity, and availability of such information assetsmeans a collection of information, either tangible or intangible, that is worth protecting; and ICT assetsmeans a software or hardware asset in the network and information systems used by the financial entity; would impact the business processes and activities of the financial entitiesas defined in Article 2, points (a) to (t).
-