Commission Implementing Regulation (EU) 2018/1624 of 23 October 2018 laying down implementing technical standards with regard to procedures and standard forms and templates for the provision of information for the purposes of resolution plans for credit institutions and investment firms pursuant to Directive 2014/59/EU of the European Parliament and of the Council, and repealing Commission Implementing Regulation (EU) 2016/1066 (Text with EEA relevance)
Status:
This is the original version (as it was originally adopted).
II.10Critical information systems
II.10.1General remarks
60.This section consists of the following templates:
Z 10.01 — Critical Information systems (General information) (CIS 1), which lists all critical information systems in the group;
Z 10.02 — Mapping of critical information systems (CIS 2), which maps the critical information systems to user entities in the group and critical functions.
61.A Critical Information System (‘CIS’) shall be understood as an IT application or software which supports a critical service and the disruption of which would present a serious impediment or prevent the performance of a critical function.
62.These templates shall be reported for the entire group.
II.10.2Z 10.01 — Critical Information systems (General information) (CIS 1): Instructions concerning specific positions
63.The value reported in column 0010 of this template forms a primary key which has to be unique for each row of the template.
Columns | Instructions |
---|
0010-0040 | Critical Information System |
0010 | System Identification Code The system identification code is an acronym set by the institution that identifies unequivocally the critical information system.
This is a row identifier and shall be unique for each row in the template.
|
0020 | System name Commercial or internal name of the system.
|
0030 | System Type Report one of the following values:
‘Custom-Built Software For Business Support’
Applications that have been developed according to detailed business specifications. It may have been developed internally or using external contractors, but always with the purpose of business support.
‘Software Purchased As-Is’
Applications purchased in the market, typically sold or licensed by a vendor, that were not modified in terms of specific customizations to the organisation's business. Applications that were subjected to normal configuration mechanisms are included in this category.
‘Software Purchased With Custom Modifications’
Applications purchased in the market but where the vendor (or his representative) has created a specific version for the context of that installation. This particular version is characterized by changes in the application behaviour, new features or by inclusion of non-standard plug-ins developed according to the organisation's business.
‘Application/External Portal’
External portals or applications provided by third parties, typically partners, to access the services they offered. Normally they are outside the scope of the information systems management of the organisation, and are installed, maintained and managed by the partner itself. Such applications often take the form of portals (accessible via the internet or private networks), and despite being outside the scope of the information systems management services of the organisation, they are important (or critical) to some business functions.
|
0040 | Description Description of the main purpose of the information system in the business context.
|
0050-0060 | Group Entity Responsible for the System |
0050 | Entity name Name of the legal entity responsible for the system within the group.
This is the entity responsible for the overall procurement, development, integration, modification, operation, maintenance and retirement of an information system and is a key contributor in developing system design specifications to ensure the security and user operational needs are documented, tested, and implemented.
|
0060 | Code Code of the legal entity responsible for the system within the group, as reported in Z 01.00 — Organisational structure (ORG).
|
II.10.3Z 10-02 — Mapping of information systems (CIS 2): Instructions concerning specific positions
64.The combination of values reported in columns 0010, 0030, 0040 and 0050 of this template forms a primary key which has to be unique for each row of the template.
Columns | Instructions |
---|
0010 | System Identification Code The information system Identification code as reported in column 010 of template Z 10.01 (CIS 1).
|
0020-0030 | Group Entity user of the System The entity that uses the system within the group (‘user’). There might be several users, in which case several rows for the same information system shall be reported.
|
0020 | Entity name Name of the user entity, as reported in Z 01.00 (ORG)
|
0030 | Code Code of the user entity, as reported in Z 01.00 (ORG)
|
0040 | Critical service The identifier of the critical service, as reported in Z 08.00 (column 0005) which the system supports. The critical service may in itself be an IT service, or another type of service which the information system supports (for example transaction processing).
|
0050-0060 | Critical function The critical function that would be seriously hindered or completely prevented by a disruption of services supported by the information system. There might be several critical functions, in which case several rows for the same information system shall be reported.
|
0050 | Country Country for which the function is critical, as reported in Z 07.01 (FUNC 1)
|
0060 | ID ID of the critical functions as defined in chapter 2.7.1.4 above and referred to in template Z 07.01 (FUNC 1)
|
Back to top