Guidelines on ICT and security risk management
- Status: Final and translated into the EU official languages
These draft Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single market. Once into force, these Guidelines will replace those on security measures for operational and security risks (EBA GL/2017/17), which will then be repealed.