2024-01-17

Final report on draft RTS to specify the policy on ICT services supporting critical or important functions

The European Supervisory Authorities issued this final report on draft Regulatory Technical Standards to specify the detailed content of the policy on contractual arrangements for ICT services supporting critical or important functions under DORA. The standards require financial entities to adopt and annually review a comprehensive policy that covers the entire lifecycle of third-party ICT arrangements, including risk assessments, due diligence, governance, and exit strategies. These requirements ensure that financial entities maintain control over operational risks, information security, and business continuity, with consistent application across group structures.


European Union

European Securities and Markets Authority
