Check your settings below and select the cookies you’re happy with.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any information which allows us to identify you unless you are logged into your account.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly information which allows us to identify you personally but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Find out more about www.allaboutcookies.org or view our cookie policy.

Skip to main content

Home
Technical Standards
2017
Commission Delegated Regulation (EU) 2017/571
CHAPTER II ORGANISATIONAL REQUIREMENTS (Article 64...
Article 9 Security

You are viewing the version of the document as on 2021-01-01.

Article 9 Security

01/01/2021

(1)
A data reporting services provider shall set up and maintain procedures and arrangements for physical and electronic security designed to:
1. (a)
  protect its IT systems from misuse or unauthorised access;
2. (b)
  minimise the risks of attacks against the information systems;
3. (c)
  prevent unauthorised disclosure of confidential information;
4. (d)
  ensure the security and integrity of the data.
(2)
Where an investment firm ("reporting firm") uses a third party ("submitting firm") to submit information to an ARM on its behalf, an ARM shall have procedures and arrangements in place to ensure that the submitting firm does not have access to any other information about or submitted by the reporting firm to the ARM which may have been sent by the reporting firm directly to the ARM or via another submitting firm.
(3)
A data reporting services provider shall set up and maintain measures and arrangements to promptly identify and manage the risks identified in paragraph 1.
(4)
In respect of breaches in the physical and electronic security measures referred to in paragraphs 1, 2 and 3, a data reporting services provider shall promptly notify:
1. (a)
  the competent authority and provide an incident report, indicating the nature of the incident, the measures adopted to cope with the incident and the initiatives taken to prevent similar incidents;
2. (b)
  its clients that have been affected by the security breach.