When developing an ICT business continuity policy, financial entitiesas defined in Article 2, points (a) to (t) referred to in Title II of this Regulation should take into account the essential components of ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management, including ICT-related incidentmeans a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity; management and communication strategies, the ICT change management process, and risks associated with ICT third-party service providersmeans an undertaking providing ICT services;.