⚙️Live webinar: AI governance in controlled environments: The next compliance challenge. Register now
MarketplaceCybersecurityGuidelines on ICT and Security Risk Management
CybersecurityGuideline

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Book your strategy callView source ↗

Overview

These Guidelines were developed by the European Banking Authority (EBA) to standardize ICT and security risk management practices in the EU financial system. They apply to credit institutions, investment firms, and payment service providers and aim to mitigate operational and ICT risks effectively. The Guidelines will replace the EBA GL/2017/17 Guidelines on security measures for operational and security risks. They are aligned with the Digital Operational Resilience Act (DORA), which harmonizes ICT risk management practices in the financial sector. The Guidelines focus on a simplified framework for managing ICT risks, including operational resilience, and are set to take effect on May 20, 2025.

Related in Cybersecurity

CybersecurityRegulation

Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities

The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.

Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India

View details
CybersecurityGuideline

PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7

Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).

Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7

View details
CybersecurityGuideline

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

US Department of Homeland Security (DHS) • United States • v2

View details
CybersecurityFramework

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

U.S. Department of Energy • United States • v2.1

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call