Content library
Secure development
Stress testing after major changes
Development and cloud
Secure development

Stress testing after major changes

Start free trial

Task description

Stress testing after major changes

Following significant changes to their ICT systems, central counterparties (CCPs) and central securities depositories (CSDs) must submit their ICT systems to stringent testing under simulated stressed conditions. This is critical to ensure that systems continue to perform reliably, securely, and resiliently under adverse or extreme circumstances.

Central Counterparties (CCPs) must, as appropriate, involve the following stakeholders in both the design and conduct of the stress testing:

  • Clearing members and clients,
  • Interoperable central counterparties,
  • Other interested parties (e.g., relevant service providers or market participants impacted by the CCP’s operations).

Central Securities Depositories (CSDs) must, as appropriate, involve the following stakeholders in the design and conduct of the stress testing:

  • Users of the CSD services,
  • Critical utilities and critical service providers supporting operational or infrastructure needs,
  • Other central securities depositories,
  • Other market infrastructures (such as trading venues or payment systems),
  • Any other institutions identified in the CSD’s ICT business continuity policy as having operational interdependencies.

Requirements connected to the task

No items found.

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Definition of done and testing principles
Critical
High
Normal
Low
Secure development
12
requirements

Examples of other requirements this task affects

14.2.3: Technical review of applications after operating platform changes
ISO 27001
14.2.9: System acceptance testing
ISO 27001
8.29: Security testing in development and acceptance
ISO 27001
CC8.1: Change management procedures
SOC 2
PR.IP-2: A System Development Life Cycle to manage systems is implemented.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Definition of done and testing principles
Separation of production, testing and development environments
Critical
High
Normal
Low
Secure development
46
requirements

Examples of other requirements this task affects

12.1.4: Separation of development, testing and operational environments
ISO 27001
12.5.1: Installation of software on operational systems
ISO 27001
14.2.6: Secure development environment
ISO 27001
PR.DS-7: The development and testing environments
NIST
MWP-06: Safe running of unknown code
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Separation of production, testing and development environments
Documentation of security metrics related to application security
Critical
High
Normal
Low
Secure development
3
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation of security metrics related to application security
Due diligence in the selection of software components
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

Article 13.5: Due diligence
CRA
See all related requirements and other information from tasks own page.
Go to >
Due diligence in the selection of software components
Public software archive
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

Article 13.11: Public software archive
CRA
See all related requirements and other information from tasks own page.
Go to >
Public software archive
Technical documentation for products
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

Article 13.12: Technical documentation
CRA
See all related requirements and other information from tasks own page.
Go to >
Technical documentation for products
Stress testing after major changes
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Stress testing after major changes
Establishing change management procedures
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establishing change management procedures
Direct data entry of the electronic transfer standard
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Direct data entry of the electronic transfer standard
Security in the product development process
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

Article 13.1(.1): Appropriate level of cybersecurity
CRA
See all related requirements and other information from tasks own page.
Go to >
Security in the product development process
Establishing and managing an inventory of third-party software components
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

16.4: Establish and Manage an Inventory of Third-Party Software Components
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Establishing and managing an inventory of third-party software components
Integrating security into the organization's urgent change processes
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

2.10.4: Integrate security into the organisation’s urgent change processes
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Integrating security into the organization's urgent change processes
Testing security functions that are affected by the changes to ICT systems
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

2.10.3: Test affected security functions
NSM ICT-SP
Article 36: ICT security testing
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Testing security functions that are affected by the changes to ICT systems
Using data system risk assessments to determine separation needs
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

5.2.2: Seperation of testing and development environments
TISAX
See all related requirements and other information from tasks own page.
Go to >
Using data system risk assessments to determine separation needs
Change management procedure for significant changes to data processing services
Critical
High
Normal
Low
Secure development
45
requirements

Examples of other requirements this task affects

14.2.2: System change control procedures
ISO 27001
14.2.4: Restrictions on changes to software packages
ISO 27001
PR.DS-6: Integrity checking
NIST
TEK-17: Muutoshallintamenettelyt
Julkri
8.32: Change management
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Change management procedure for significant changes to data processing services
Restoration strategy
Critical
High
Normal
Low
Secure development
9
requirements

Examples of other requirements this task affects

12.3: Backup
ISO 27001
12.5: Control of operational software
ISO 27001
12.3.1: Information backup
ISO 27001
12.5.1: Installation of software on operational systems
ISO 27001
14.2.2: System change control procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Restoration strategy
Process for monitoring and tracking outsourced development work
Critical
High
Normal
Low
Secure development
33
requirements

Examples of other requirements this task affects

14.2.7: Outsourced development
ISO 27001
DE.CM-6: External service provider activity monitoring
NIST
8.28: Secure coding
ISO 27001
8.30: Outsourced development
ISO 27001
21.2.e: Secure system acquisition and development
NIS2
See all related requirements and other information from tasks own page.
Go to >
Process for monitoring and tracking outsourced development work
Guidelines for secure development
Critical
High
Normal
Low
Secure development
45
requirements

Examples of other requirements this task affects

14.2.1: Secure development policy
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
TEK-14: Ohjelmistojen turvallisuuden varmistaminen
Julkri
8.25: Secure development life cycle
ISO 27001
8.27: Secure system architecture and engineering principles
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Guidelines for secure development
Source code management
Critical
High
Normal
Low
Secure development
10
requirements

Examples of other requirements this task affects

9.4.5: Access control to program source code
ISO 27001
14.2.6: Secure development environment
ISO 27001
8.4: Access to source code
ISO 27001
8.31: Separation of development, test and production environments
ISO 27001
CC8.1: Change management procedures
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Source code management
Listing authorized users for publishing code changes
Critical
High
Normal
Low
Secure development
10
requirements

Examples of other requirements this task affects

12.5: Control of operational software
ISO 27001
12.5.1: Installation of software on operational systems
ISO 27001
14.2.2: System change control procedures
ISO 27001
14.2.7: Outsourced development
ISO 27001
8.19: Installation of software on operational systems
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Listing authorized users for publishing code changes
General rules for reviewing and publishing code
Critical
High
Normal
Low
Secure development
12
requirements

Examples of other requirements this task affects

14.2.2: System change control procedures
ISO 27001
14.2.3: Technical review of applications after operating platform changes
ISO 27001
TEK-14: Ohjelmistojen turvallisuuden varmistaminen
Julkri
8.28: Secure coding
ISO 27001
8.32: Change management
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
General rules for reviewing and publishing code
Encryption of public network traffic for application services
Critical
High
Normal
Low
Secure development
16
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
14.1.2: Securing application services on public networks
ISO 27001
14.1.3: Protecting application services transactions
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
PR.DS-2: Data-in-transit
NIST
See all related requirements and other information from tasks own page.
Go to >
Encryption of public network traffic for application services
Encryption of user password information
Critical
High
Normal
Low
Secure development
13
requirements

Examples of other requirements this task affects

9.4.2: Secure log-on procedures
ISO 27001
10.1.1: Policy on the use of cryptographic controls
ISO 27001
14.1.3: Protecting application services transactions
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
8.5: Secure authentication
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Encryption of user password information
Protection and minimisation of test data
Critical
High
Normal
Low
Secure development
27
requirements

Examples of other requirements this task affects

14.3.1: Protection of test data
ISO 27001
8.33: Test information
ISO 27001
21.2.e: Secure system acquisition and development
NIS2
5.3.1: Information Security in new systems
TISAX
9.3 §: Tietojärjestelmien hankinta ja kehittäminen
Kyberturvallisuuslaki
See all related requirements and other information from tasks own page.
Go to >
Protection and minimisation of test data
Designing Secure Software Development Life Cycle(SSDLC) process
Critical
High
Normal
Low
Secure development
8
requirements

Examples of other requirements this task affects

PR.IP-2: A System Development Life Cycle
NIST
PR.IP-2: A System Development Life Cycle to manage systems is implemented.
CyberFundamentals
2.1.5: Use a secure software development method
NSM ICT-SP
PR.PS-06: Secure software development practices
NIST 2.0
16.1: Establish and Maintain a Secure Application Development Process
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Designing Secure Software Development Life Cycle(SSDLC) process
Automated secure code deployment and release
Critical
High
Normal
Low
Secure development
3
requirements

Examples of other requirements this task affects

2.1.5: Use a secure software development method
NSM ICT-SP
2.1.8: Maintain the software code developed/used by the organisation
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Automated secure code deployment and release
Built in and default cyber security in system development (Security by design)
Critical
High
Normal
Low
Secure development
9
requirements

Examples of other requirements this task affects

2.1.5: Use a secure software development method
NSM ICT-SP
16.10: Apply Secure Design Principles in Application Architectures
CIS 18
16.14: Conduct Threat Modeling
CIS 18
Article 13.1(.1): Appropriate level of cybersecurity
CRA
5.38: HLT – Analyse en specificatie van informatiebeveiligingseisen
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Built in and default cyber security in system development (Security by design)
Built in and default data protection in systems development (Privacy by design)
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Built in and default data protection in systems development (Privacy by design)
Approval from the data owner for using production data for testing purposes
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval from the data owner for using production data for testing purposes
Safe running of unknown code
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

MWP-06: Safe running of unknown code
Cyber Essentials
MWP: Application sandboxing
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Safe running of unknown code
Kriittisten ohjelmistojen toteutuksen säännöllinen tarkastaminen
Critical
High
Normal
Low
Secure development
1
requirements

Examples of other requirements this task affects

TEK-14: Ohjelmistojen turvallisuuden varmistaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Kriittisten ohjelmistojen toteutuksen säännöllinen tarkastaminen
Ensuring the coverage of new IT system development requirements
Critical
High
Normal
Low
Secure development
2
requirements

Examples of other requirements this task affects

5.3.1: Information Security in new systems
TISAX
5.38: HLT – Analyse en specificatie van informatiebeveiligingseisen
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Ensuring the coverage of new IT system development requirements
Maintaining a release log
Critical
High
Normal
Low
Secure development
4
requirements

Examples of other requirements this task affects

12.5: Control of operational software
ISO 27001
12.5.1: Installation of software on operational systems
ISO 27001
8.19: Installation of software on operational systems
ISO 27001
8.19: Software installeren op besturingssystemen
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Maintaining a release log
Secure setting and distribution of temporary login information
Critical
High
Normal
Low
Secure development
5
requirements

Examples of other requirements this task affects

9.2.4: Management of secret authentication information of users
ISO 27001
5.17: Authentication information
ISO 27001
5.17: Authenticatiegegevens
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Secure setting and distribution of temporary login information
Regular critical code identification and verification
Critical
High
Normal
Low
Secure development
33
requirements

Examples of other requirements this task affects

14.2.3: Technical review of applications after operating platform changes
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
14.2.9: System acceptance testing
ISO 27001
8.27: Secure system architecture and engineering principles
ISO 27001
21.2.e: Secure system acquisition and development
NIS2
See all related requirements and other information from tasks own page.
Go to >
Regular critical code identification and verification
Specific safeguards for production data used for testing
Critical
High
Normal
Low
Secure development
25
requirements

Examples of other requirements this task affects

14.3.1: Protection of test data
ISO 27001
8.33: Test information
ISO 27001
21.2.e: Secure system acquisition and development
NIS2
2.1.6: Use separate environments for development, test and production
NSM ICT-SP
30 § 3.5°: L'acquisition, du développement et de la maintenance des réseaux et des systèmes d'information
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Specific safeguards for production data used for testing

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security
No items found.