Updated 05/07/2025
In force

Version from: 25/06/2024
Amendments
Search within this legal act
DORA ToolDelegated Regulation 2024/1774
Article 19

Article 19 - Delegated Regulation 2024/1774

Article 19

Human resources policy

Financial entities shall include in their human resource policy or other relevant policies all of the following ICT security related elements:

(a) 

the identification and assignment of any specific ICT security responsibilities;

(b) 

requirements for staff of the financial entity and of the ICT third-party service providers using or accessing ICT assets of the financial entity to:

(i) 

be informed about, and adhere to, the financial entity’s ICT security policies, procedures, and protocols;

(ii) 

be aware of the reporting channels put in place by the financial entity for the detection of anomalous behaviour, including, where applicable, the reporting channels established in line with Directive (EU) 2019/1937 of the European Parliament and of the Council ( 1 );

(iii) 

for the staff, to return to the financial entity, upon termination of employment, all ICT assets and tangible information assets in their possession that belong to the financial entity.

( 1 ) Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (OJ L 305, 26.11.2019, p. 17, ELI: http://data.europa.eu/eli/dir/2019/1937/oj).