IS.D.OR.225 Response to findings notified by the competent authority

• Regulation (EU) 2022/1645 found in: Information Security (No 2023/203 and 2022/1645) Part-IS (Jun 2024)

IS.D.OR.225 Response to findings notified by the competent authority Regulation (EU) 2022/1645 (a)     After receipt of the notification of findings submitted by the competent authority, the organisation shall: (1)     identify the root cause or causes of, and contributing factors to, the non-compliance; (2)     define a corrective action plan; (3)     demonstrate the correction of the non-compliance to the satisfaction of the competent authority. (b)     The actions referred to in point (a) shall be carried out within the period agreed with the competent authority.