Austrian Federal Economic Chamber, Division Bank and Insurance
GLs Section - Article - Paragraph Proposal for amendment
Subsection 4.6.1 (ICT project management) paragraph 66 – “Financial institutions should implement a governance process with an adequate project implementation leadership to effectively support the implementation of the ICT strategy through ICT projects.” EBA should provide a clear definition of “project implementation leadership”.
Subsection 4.6.1 (ICT project management) paragraph 70 – “Financial institutions should ensure that all areas impacted by an ICT project are represented in the project team and that the project team has an adequate knowledge required to ensure secure and successful project implementation.” EBA should provide a clear definition of “adequate knowledge”.
Subsection 4.6.2 (ICT systems acquisition and development) Referring to the section on “ICT Project and Change Management”, in particular section 4.6.2. on “ICT systems acquisition and development”, we suggest adding a reference to ISO 27001 A.14 on system/software development life cycle (SDLC) as ISO 27001 can be considered as an appropriate software solution.