Circular CSSF 24/847 Major ICT-related incident notification, DORA Major ICT-related incident and significant cyber threats reporting
CSSF
Key Highlights:
Reporting Channels: Entities must use the CSSF eDesk platform or the S3 API interface to submit notifications. The guide outlines the procedures for both methods.
Roles and Access: To access the notification procedures, entities need to assign the "IT Incident Notifier" role to a user. This role can be requested through the eDesk portal.
Notification Process: The guide details the steps for creating, submitting, modifying, and reclassifying incident notifications. It also covers how to add documents and exchange comments with the CSSF.
Technical Specifications: Entities are provided with information on the required file formats, naming conventions, and the process for submitting reporting files.
Support and Assistance: For technical issues or questions about the notification process, entities can contact the CSSF via email at edesk@cssf.lu or ictrisksupervision@cssf.lu
This guide is a crucial resource for ensuring that entities comply with the regulatory requirements for ICT-related incident reporting in Luxembourg. By following the procedures outlined, entities can contribute to the overall digital operational resilience of the financial sector.
https://www.cssf.lu/wp-content/uploads/Major-ICT-related-Incident-Notification-User-Guide.pdf