Article 7
ICT systems, protocols and tools
TL;DR
The Digital Operations Resilience Act from the EU outlines requirements for financial entities to maintain and use updated ICT systems to address and manage ICT risks. These systems must be appropriate to the magnitude of their operations, reliable, sufficiently equipped to handle peak orders, have the capacity to process data for activities and services, and be resilient to handle additional processing needs under adverse conditions.In order to address and manage ICT riskany reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment, financial entitiesas defined in Article 2, points (a) to (t) shall use and maintain updated ICT systems, protocols and tools that are:
-
appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the proportionality principle as referred to in Article 4;
proportionality
Paragraph allows for application of the proportionality principle according to Article 4.