TITLE VSECURITY REQUIREMENTS AND CONTINGENCY ISSUES
Article 21Business continuity and contingency procedures
In the event of an abnormal external event or any other event which affects the operation of the SSP, the business continuity and contingency procedures described in Appendix IV shall apply.
Article 22Security requirements
1.Participants shall implement adequate security controls to protect their systems from unauthorised access and use. Participants shall be exclusively responsible for the adequate protection of the confidentiality, integrity and availability of their systems.
2.Participants shall inform the ECB of any security-related incidents in their technical infrastructure and, where appropriate, security-related incidents that occur in the technical infrastructure of the third party providers. The ECB may request further information about the incident and, if necessary, request that the participant take appropriate measures to prevent a recurrence of such an event.
3.The ECB may impose additional security requirements on all participants and/or on participants that are considered critical by the ECB.