This is the EBA's version of Cyber security requirements. They go beyond protecting against just cyber attacks but also cover the risks arising from IT failures.
Many financial organisations rely on third party technology suppliers to provide their technical solutions, in some cases on an outsourcing basis.
These rules should therefore be read in conjunction with the EBA Outsourcing Guidelines, accessible here:
The increasing digitalisation in the financial sector and the growing interconnectedness across financial institutions and third parties make financial institutions’ operations vulnerable to internal and external ICT and security risks that can potentially compromise their viability. As a result, sound ICT and security risk management are key for a financial institution to achieve its strategic, corporate, operational and reputational objectives.