2020-08-25

Circular CSSF 20/750 on ICT and Security Risk Management Requirements

The Commission de Surveillance du Secteur Financier (CSSF) issued Circular 20/750, subsequently amended by Circulars 22/828 and 25/881, to establish comprehensive requirements for information and communication technology (ICT) and security risk management. These regulations mandate that supervised entities implement robust governance frameworks, risk assessment procedures, and operational resilience measures to mitigate ICT-related threats. The updates ensure that financial sector participants maintain adequate controls and reporting mechanisms to safeguard their digital infrastructure and data integrity.

Luxembourg

Commission de Surveillance du Secteur Financier
