Search Results for Information and communications technology (ICT)

amending Circular CSSF 20/750 on requirements regarding information and communication technology (ICT) and security risk management

on requirements on the use of ICT third-party services for Financial Entities subject to the Digital Operational Resilience Act (DORA)

on relationship management of payment service users and PSP ICT assessment

Requirements regarding information and communication technology (ICT) and security risk management

Amendment of Circular CSSF 20/750 on requirements regarding information and communication (ICT) and security risk management

Press release 22/01

In light of the many questions surrounding Distributed Ledger Technology (DLT) and blockchain, the Commission de Surveillance du Secteur Financier (CSSF) is sharing its advice on assessing the risks when designing or implementing a project using DLT by publishing a white paper.

Press release 21/25

In response to the continuing development of material IT outsourcing, the Commission de Surveillance du Secteur Financier (CSSF) simplifies its procedures for prior provision of information in this respect through Circular CSSF 21/785.

relating to the notification of incidents according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union.

Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union and amending

1° the Law of 20 April 2009 establishing a Government IT Centre, as amended; and
2° the Law of 23 July 2016 establishing a High Commission for National Protection.

laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact

on the definition of essential services according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union

Evolution of the usage and control of the tools for managing information technology resources and the management of access to these resources

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

amending Circular CSSF 22/806 on outsourcing arrangements

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities