It is necessary to lay down requirements for operational risk, and more particularly requirements for ICT project and change management and ICT business continuity management building on those that apply already to central counterpartiesmeans a central counterparty as defined in Article 2, point (1), of Regulation (EU) No 648/2012;, central securities depositoriesmeans a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014; and trading venuesmeans a trading venue as defined in Article 4(1), point (24), of Directive 2014/65/EU; under, respectively, Regulations (EU) No 648/2012 (3)Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (OJ L 201, 27.7.2012, p. 1, ELI: http://data.europa.eu/eli/reg/2012/648/oj)., (EU) No 600/2014 (4)Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (OJ L 173, 12.6.2014, p. 84, ELI: http://data.europa.eu/eli/reg/2014/600/oj). and (EU) No 909/2014 (5)Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/909/oj). of the European Parliament and of the Council.