Published on 16 January 2025

Circular CSSF 24/847 Major ICT-related incident notification, DORA Major ICT-related incident and significant cyber threats reporting

CSSF

The CSSF 24/847 Major ICT-related Incident Notification User Guide, published on 17 January 2025, provides detailed instructions for supervised entities in Luxembourg on how to report major ICT-related incidents and significant cyber threats. This guide is essential for compliance with the Digital Operational Resilience Act (DORA) and aims to enhance the financial sector's resilience against ICT risks.

Key Highlights:

  • Reporting Channels: Entities must use the CSSF eDesk platform or the S3 API interface to submit notifications. The guide outlines the procedures for both methods.

  • Roles and Access: To access the notification procedures, entities need to assign the "IT Incident Notifier" role to a user. This role can be requested through the eDesk portal.

  • Notification Process: The guide details the steps for creating, submitting, modifying, and reclassifying incident notifications. It also covers how to add documents and exchange comments with the CSSF.

  • Technical Specifications: Entities are provided with information on the required file formats, naming conventions, and the process for submitting reporting files.

  • Support and Assistance: For technical issues or questions about the notification process, entities can contact the CSSF via email at edesk@cssf.lu or ictrisksupervision@cssf.lu.

This guide is a crucial resource for ensuring that entities comply with the regulatory requirements for ICT-related incident reporting in Luxembourg. By following the procedures outlined, entities can contribute to the overall digital operational resilience of the financial sector.

https://www.cssf.lu/wp-content/uploads/Major-ICT-related-Incident-Notification-User-Guide.pdf
