Annex I TEMPLATES FOR THE REPORTING OF MAJOR INCIDENTS
| Number of field | Data field | |
|---|---|---|
| General information about the financial entity | ||
| 1.1 | Type of submission | |
| 1.2 | Name of the entity submitting the report | |
| 1.3 | Identification code of the entity submitting the report | |
| 1.4 | Type of financial entity affected | |
| 1.5 | Name of the financial entity affected | |
| 1.6 | LEI code of the financial entity affected | |
| 1.7 | Primary contact person name | |
| 1.8 | Primary contact person email | |
| 1.9 | Primary contact person telephone | |
| 1.10 | Second contact person name | |
| 1.11 | Second contact person email | |
| 1.12 | Second contact person telephone | |
| 1.13 | Name of the ultimate parent undertaking | |
| 1.14 | LEI code of the ultimate parent undertaking | |
| 1.15 | Reporting currency | |
| Content of the initial notification | ||
| 2.1 | Incident reference code assigned by the financial entity | |
| 2.2 | Date and time of detection of the major ICT-related incident | |
| 2.3 | Date and time of classification of the ICT-related incident as major | |
| 2.4 | Description of the major ICT-related incident | |
| 2.5 | Classification criteria that triggered the incident report | |
| 2.6 | Materiality thresholds for the classification criterion ‘Geographical spread’ | |
| 2.7 | Discovery of the major ICT-related incident | |
| 2.8 | Indication whether the major ICT-related incident originates from a third-party provider or another financial entity | |
| 2.9 | Activation of business continuity plan, if activated | |
| 2.10 | Other relevant information | |
| Content of the intermediate report | ||
| 3.1 | Incident reference code provided by the competent authority | |
| 3.2 | Date and time of occurrence of the major ICT-related incident | |
| 3.3 | Date and time when services, activities or operations have been recovered | |
| 3.4 | Number of clients affected | |
| 3.5 | Percentage of clients affected | |
| 3.6 | Number of financial counterparts affected | |
| 3.7 | Percentage of financial counterparts affected | |
| 3.8 | Impact on relevant clients or financial counterparts | |
| 3.9 | Number of affected transactions | |
| 3.10 | Percentage of affected transactions | |
| 3.11 | Value of affected transactions | |
| 3.12 | Information on whether the numbers are actual or estimates, or whether there has not been any impact | |
| 3.13 | Reputational impact | |
| 3.14 | Contextual information about the reputational impact | |
| 3.15 | Duration of the major ICT-related incident | |
| 3.16 | Service downtime | |
| 3.17 | Information on whether the numbers for duration and service downtime are actual or estimates. | |
| 3.18 | Types of impact in the Member States | |
| 3.19 | Description of how the major ICT-related incident has an impact in other Member States | |
| 3.20 | Materiality thresholds for the classification criterion ‘Data losses’ | |
| 3.21 | Description of the data losses | |
| 3.22 | Classification criterion ‘Critical services affected’ | |
| 3.23 | Type of the major ICT-related incident | |
| 3.24 | Other types of incidents | |
| 3.25 | Threats and techniques used by the threat actor | |
| 3.26 | Other types of techniques | |
| 3.27 | Information about affected functional areas and business processes | |
| 3.28 | Affected infrastructure components supporting business processes | |
| 3.29 | Information about affected infrastructure components supporting business processes | |
| 3.30 | Impact on the financial interest of clients | |
| 3.31 | Reporting to other authorities | |
| 3.32 | Specification of ‘other’ authorities | |
| 3.33 | Temporary actions/measures taken or planned to be taken to recover from the incident | |
| 3.34 | Description of any temporary actions and measures taken or planned to be taken to recover from the incident | |
| 3.35 | Indicators of compromise | |
| Content of the final report | ||
| 4.1 | High-level classification of root causes of the incident | |
| 4.2 | Detailed classification of root causes of the incident | |
| 4.3 | Additional classification of root causes of the incident | |
| 4.4 | Other types of root cause types | |
| 4.5 | Information about the root causes of the incident | |
| 4.6 | Incident resolution summary | |
| 4.7 | Date and time when the incident root cause was addressed | |
| 4.8 | Date and time when the incident was resolved | |
| 4.9 | Information if the permanent resolution date of the incident differs from the initially planned implementation date | |
| 4.10 | Assessment of risk to critical functions for resolution purposes | |
| 4.11 | Information relevant for resolution authorities | |
| 4.12 | Materiality threshold for the classification criterion ‘Economic impact’ | |
| 4.13 | Amount of gross direct and indirect costs and losses | |
| 4.14 | Amount of financial recoveries | |
| 4.15 | Information on whether the non-major incidents have been recurring | |
| 4.16 | Date and time of occurrence of recurring incidents | |