Risk ManagementEuropean Union (EBA)
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
The European Banking Authority Guidelines on ICT and security risk management (EBA/GL/2019/04, 28 November 2019, applied from 30 June 2020), addressed to financial institutions and payment service providers. (Reference corrected from a mislabelled 'EBA/GL/2024/07'.) Cover governance and strategy, the ICT and security risk management framework (identification, classification/risk assessment, mitigation, reporting, audit), information security (policy, logical and physical security, ICT operations security, monitoring, testing, training), ICT operations management and incident/problem management, ICT project and change management, business continuity management, and payment service user relationship management.
Domains
EBA GL 3.7: Business Continuity Management
EBA GL 3.6: ICT Project and Change Management
EBA GL 3.5: ICT Operations Management
EBA GL 3.4: Information Security
EBA GL 3.3: ICT and Security Risk Management Framework
Compare EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs ISO 27001:2022View comparison →EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs SOC 2View comparison →EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs NIST CSF 2.0View comparison →EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs GDPRView comparison →EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs HIPAAView comparison →EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) vs PCI DSS 4.0View comparison →
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) by Industry
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Healthcare→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Financial Services→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Technology→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Government→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Manufacturing→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Energy→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Retail→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Education→
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) by Role
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for CISOs→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Compliance Officers→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Risk Managers→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for IT Directors→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for DPOs→EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) for Auditors→
Frequently Asked Questions
What is EBA Guidelines on ICT and Security Risk Management?
The European Banking Authority Guidelines on ICT and security risk management (EBA/GL/2019/04, 28 November 2019, applied from 30 June 2020), addressed to financial institutions and payment service providers. (Reference corrected from a mislabelled 'EBA/GL/2024/07'.) Cover governance and strategy, the ICT and security risk management framework (identification, classification/risk assessment, mitigation, reporting, audit), information security (policy, logical and physical security, ICT operations security, monitoring, testing, training), ICT operations management and incident/problem management, ICT project and change management, business continuity management, and payment service user relationship management.
How many controls does EBA Guidelines on ICT and Security Risk Management have?
EBA Guidelines on ICT and Security Risk Management contains 28 controls organized across 7 domains.
Where does EBA Guidelines on ICT and Security Risk Management apply?
EBA Guidelines on ICT and Security Risk Management is applicable in European Union (EBA). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does EBA Guidelines on ICT and Security Risk Management map to?
EBA Guidelines on ICT and Security Risk Management has control-to-control mappings with 14 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with EBA Guidelines on ICT and Security Risk Management compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.