Capacity and performance management


  1. As part of the ICT security policies, procedures, protocols, and tools referred to in Article 9(2) of Regulation (EU) 2022/2554, financial entitiesas defined in Article 2, points (a) to (t) shall develop, document, and implement capacity and performance management procedures for the following:

    1. the identification of capacity requirements of their ICT systems;

    2. the application of resource optimisation;

    3. the monitoring procedures for maintaining and improving:

      1. the availability of data and ICT systems;

      2. the efficiency of ICT systems;

      3. the prevention of ICT capacity shortages.

  2. The capacity and performance management procedures referred to in paragraph 1 shall ensure that financial entitiesas defined in Article 2, points (a) to (t) take measures that are appropriate to cater for the specificities of ICT systems with long or complex procurement or approval processes or ICT systems that are resource-intensive.