Scope
The IT Compliance profile consists of requirements from the following guidelines and standards:
- EBA Guidelines on ICT and security risk management;
- EBA Guidelines on the security measures for operational and security risks of payment services under PSD2;
- EIOPA Guidelines on information and communication technology security and governance;
- AFM Principles for Information Security;
- Where available, each requirement also carries references to the COBIT 5.0 framework and the ISO/IEC 27001 and 27002 standards. We are currently investigating whether the texts and citations from these frameworks can be included as well, in addition to the references;
- The Digital Operational Resilience Act (DORA), which is currently under consultation, will be added to the IT Compliance profile once it enters into force.
Meeting all relevant requirements
The IT Compliance profile provides insight into the requirements that must be met, regardless of the type of license your organization holds. For each topic you can see to what extent you meet the legal requirements that apply to your organization, and whether meeting them also satisfies the corresponding requirements of the other frameworks.
Based on your risk analysis you can then add control measures, start workflows, and set up and monitor an action plan with concrete points of action.