What is an operational and security risk assessment?
An operational and security risk assessment is the process of identifying, analysing and evaluating risk. It is the best way to assess whether the cyber security controls you choose are appropriate to the risks your organisation faces.
Under the second Payment Services Directive (PSD2), payment services providers (PSPs) must submit a report to the competent authority containing an operational and security risk assessment and an analysis of the findings. The report may also include the results from the most recent audit and the number of security-related customer complaints.
The report must be completed at least annually; however, it can be submitted as frequently as every quarter. In Ireland, the report must be submitted via the Central Bank of Ireland’s ONR.