Search Legislation

Commission Delegated Regulation (EU) 2017/392Show full title

Commission Delegated Regulation (EU) 2017/392 of 11 November 2016 supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council with regard to regulatory technical standards on authorisation, supervisory and operational requirements for central securities depositories (Text with EEA relevance)

 Help about what version

What Version

 Help about UK-EU Regulation

Legislation originating from the EU

When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.

Close

This item of legislation originated from the EU

Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).

Status:

This is the original version as it was originally adopted in the EU.
This legislation may since have been updated - see the latest available (revised) version

Article 75IT tools

1.A CSD shall ensure that its information technology (IT) systems are well-documented and that they are designed to cover the CSD's operational needs and the operational risks that the CSD faces.

The CSD IT systems shall be:

(a)resilient, including in stressed market conditions;

(b)have sufficient capacity to process additional information as a result of increasing settlement volumes;

(c)achieve the service level objectives of the CSD.

2.A CSD systems shall have sufficient capacity to process all transactions before the end of the day even in circumstances where a major disruption occurs.

A CSD shall have procedures for ensuring sufficient capacity of its IT systems, including in the case of the introduction of new technology.

3.A CSD shall base its IT systems on internationally recognised technical standards and industry best practices.

4.A CSD's IT systems shall ensure that any data at the disposal of the CSD is protected from loss, leakage, unauthorised access, poor administration, inadequate record-keeping, and other processing risks.

5.A CSD's information security framework shall outline the mechanisms that the CSD have in place to detect and prevent cyber-attacks. The framework shall also outline the CSD's plan in response to cyber-attacks.

6.The CSD shall subject its IT systems to stringent testing by simulating stressed conditions before those systems are used for the first time, after making significant changes to the systems and after a major operational disruption has occurred. A CSD shall, as appropriate, involve in the design and conduct of these tests:

(a)users;

(b)critical utilities and critical service providers;

(c)other CSDs;

(d)other market infrastructures;

(e)any other institutions with which interdependencies have been identified in the business continuity policy.

7.The information security framework shall include:

(a)access controls to the system;

(b)adequate safeguards against intrusions and data misuse;

(c)specific devices to preserve data authenticity and integrity, including cryptographic techniques;

(d)reliable networks and procedures for accurate and prompt data transmission without major disruptions; and

(e)audit trails.

8.The CSD shall have arrangements for the selection and substitution of IT third party service providers, CSD's timely access to all necessary information, as well as proper controls and monitoring tools.

9.The CSD shall ensure that the IT systems and the information security framework concerning the CSD's core services are reviewed at least annually and are subject to audit assessments. The results of the assessments shall be reported to the CSD's management body and to the competent authority.

Back to top

Options/Help

Print Options

Close

Legislation is available in different versions:

Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.

Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.

Close

Opening Options

Different options to open legislation in order to view more content on screen at once

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as adopted version that was used for the EU Official Journal
  • lists of changes made by and/or affecting this legislation item
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources
Close

More Resources

Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as adopted version that was used for the print copy
  • correction slips

Click 'View More' or select 'More Resources' tab for additional information including:

  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • links to related legislation and further information resources