Article 28(3) of Regulation (EU) 2022/2554 (DORA) requires financial entities (FEs), as part of their ICT risk management framework, to maintain and update at entity level, at subconsolidated and consolidated levels, a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers.
In this regard, Article 28(9) mandates the European Supervisory Authorities (ESAs) to develop implementing technical standards (ITS) to establish the standard templates for the purposes of the register of information, including information that is common to all contractual arrangements on the use of ICT services.
Bizoneo for DORA offers a fully integrated and dedicated module to allow financiel entites to easily prepare the register.