InsurTech Digital Magazine September 2024 | Page 88

THE DORA REGULATION SETS OUT SPECIFIC REQUIREMENTS IN FOUR MAIN AREAS


INCIDENT REPORTING
Systems need to be in place for "monitoring, managing, logging, classifying, and reporting" ICT-related incidents.

THIRD-PARTY RISK MANAGEMENT
It's a requirement for companies in the sector to take an active role in managing ICT third-party risk. Service providers must also comply with the requirements of the DORA regulation.

ICT RISK MANAGEMENT AND GOVERNANCE
Organisations must have comprehensive ICT risk management frameworks that identify and classify critical assets. They must also conduct periodic risk assessments.

OPERATIONAL RESILIENCE TESTING AND THREAT SHARING
ICT systems must be tested regularly to evaluate their performance, identify vulnerabilities, and repair them in a timely manner. In addition, financial institutions must establish agreements to share information and intelligence about threats and vulnerabilities.