Art 6 - ICT risk management framework

Article 6 obliges financial entities to set up a comprehensive ICT risk-management framework that identifies, protects against, detects, responds to and recovers from ICT risks in a manner proportionate to their size and complexity. The framework must be documented, integrated with overall governance and reviewed regularly.