The fast-evolving nature of ICT landscapes, ICT vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited and cyber threatsas defined in Article 2, point (8), of Regulation (EU) 2019/881: any potential circumstance, event or action that could damage, disrupt or otherwise adversely impact network and information systems, the users of such systems and other persons necessitates a proactive and comprehensive approach to identifying, evaluating, and addressing ICT vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited. Without such an approach, financial entitiesas defined in Article 2, points (a) to (t), their customers, users, or counterparties may be severely exposed to risks, which would put at risk their digital operational resiliencethe ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions, the security of their networks, and the availability, authenticity, integrity, and confidentiality of data that ICT security policies and procedures should protect. Financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation should therefore identify and remedy vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited in their ICT environment, and both the financial entitiesas defined in Article 2, points (a) to (t) and their ICT third-party service providersan undertaking providing ICT services should adhere to a coherent, transparent, and responsible vulnerabilitya weakness, susceptibility or flaw of an asset, system, process or control that can be exploited management framework. For the same reason, financial entitiesas defined in Article 2, points (a) to (t) should monitor ICT vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited using reliable resources and automated tools, verifying that ICT third-party service providersan undertaking providing ICT services ensure prompt action on vulnerabilitiesa weakness, susceptibility or flaw of an asset, system, process or control that can be exploited in provided ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services.