Risk Management | European Union (EBA)
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04)
The European Banking Authority (EBA) Guidelines on ICT and Security Risk Management (EBA/GL/2019/04, revised 2024 to align with DORA) establish requirements for financial institutions' management of ICT and security risks. They cover ICT governance, risk management framework, information security, ICT operations, business continuity, and payment service security.
Domains
3.7 Business Continuity Management
3.6 ICT Project and Change Management
3.5 ICT Operations Management
3.4 Information Security
3.3 ICT and Security Risk Management Framework
Frequently Asked Questions
What are the EBA Guidelines on ICT and Security Risk Management?
The European Banking Authority (EBA) Guidelines on ICT and Security Risk Management (EBA/GL/2019/04, revised 2024 to align with DORA) establish requirements for financial institutions' management of ICT and security risks. They cover ICT governance, risk management framework, information security, ICT operations, business continuity, and payment service security.
How many controls do the EBA Guidelines on ICT and Security Risk Management have?
The EBA Guidelines on ICT and Security Risk Management contain 26 controls organized across 6 domains.
Where do the EBA Guidelines on ICT and Security Risk Management apply?
The EBA Guidelines on ICT and Security Risk Management apply in the European Union (EBA). Organizations operating in or serving customers in this jurisdiction should evaluate their requirements.
What frameworks do the EBA Guidelines on ICT and Security Risk Management map to?
The EBA Guidelines on ICT and Security Risk Management have control-to-control mappings with 586 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with EBA Guidelines on ICT and Security Risk Management compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.