Article 30 | Delegated Regulation 2024/1774

Article 30 - Delegated Regulation 2024/1774

Article 30

Classification of information assets and ICT assets

1. As part of the simplified ICT risk management framework referred to in Article 16(1), point (a), of Regulation (EU) 2022/2554, the financial entities referred to in paragraph 1 of that Article shall identify, classify, and document all critical or important functions, the information assets and ICT assets supporting them and their interdependencies. Financial entities shall review that identification and classification as needed.

2. The financial entities referred to in paragraph 1 shall identify all critical or important functions supported by ICT third-party service providers.

TITLE I - GENERAL PRINCIPLE (Article 1)

TITLE II - FURTHER HARMONISATION OF ICT RISK MANAGEMENT TOOLS, METHODS, PROCESSES, AND POLICIES IN ACCORDANCE WITH ARTICLE 15 OF REGULATION (EU) 2022/2554 (Article 2-27)

TITLE III - SIMPLIFIED ICT RISK MANAGEMENT FRAMEWORK FOR FINANCIAL ENTITIES REFERRED TO IN ARTICLE 16(1) OF REGULATION (EU) 2022/2554 (Article 28-41)

CHAPTER I - Simplified ICT risk management framework (Article 28-32)Article 28 - Governance and organisation Q&A Article 29 - Information security policy and measures Article 30 - Classification of information assets and ICT assets Article 31 - ICT risk management Article 32 - Physical and environmental security

CHAPTER II - Further elements of systems, protocols, and tools to minimise the impact of ICT risk (Article 33-38)

CHAPTER III - ICT business continuity management (Article 39-40)

CHAPTER IV - Report on the review of the simplified ICT risk management framework (Article 41)

TITLE IV - FINAL PROVISIONS (Article 42)

Metadata

Related documents

Article 30 - Delegated Regulation 2024/1774

Table of contents