Article 7

ICT systems, protocols and tools

TL;DR The Digital Operations Resilience Act from the EU outlines requirements for financial entities to maintain and use updated ICT systems to address and manage ICT risks. These systems must be appropriate to the magnitude of their operations, reliable, sufficiently equipped to handle peak orders, have the capacity to process data for activities and services, and be resilient to handle additional processing needs under adverse conditions.

In order to address and manage ICT riskany reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment, financial entitiesas defined in Article 2, points (a) to (t) shall use and maintain updated ICT systems, protocols and tools that are:

  1. appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the proportionality principle as referred to in Article 4;

  2. reliable;

  3. equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services, and to deal with peak orders, message or transaction volumes, as needed, including where new technology is introduced;

  4. technologically resilient in order to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations.