The fast-evolving nature of ICT landscapes, ICT vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; and cyber threatsmeans ‘cyber threat’ as defined in Article 2, point (8), of Regulation (EU) 2019/881; necessitates a proactive and comprehensive approach to identifying, evaluating, and addressing ICT vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited;. Without such an approach, financial entitiesas defined in Article 2, points (a) to (t), their customers, users, or counterparties may be severely exposed to risks, which would put at risk their digital operational resiliencemeans the ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions;, the security of their networks, and the availability, authenticity, integrity, and confidentiality of data that ICT security policies and procedures should protect. Financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation should therefore identify and remedy vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; in their ICT environment, and both the financial entitiesas defined in Article 2, points (a) to (t) and their ICT third-party service providersmeans an undertaking providing ICT services; should adhere to a coherent, transparent, and responsible vulnerabilitymeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; management framework. For the same reason, financial entitiesas defined in Article 2, points (a) to (t) should monitor ICT vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; using reliable resources and automated tools, verifying that ICT third-party service providersmeans an undertaking providing ICT services; ensure prompt action on vulnerabilitiesmeans a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited; in provided ICT servicesmeans digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services;.