European Insurance and Occupational Pensions Authority

3021

Q&A

Question ID: 3021

Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)

Topic: ICT third-party risk management (DORA)

Article: Security and Data Protection Objectives Directly Applicable to CTPP

Status: UnderReview

Date of submission: 29 Feb 2024

Question

1. What are the DORA objectives directly applicable to CTPP?
2. Which types of CTPP are impacted by DORA?
3. What would the audit process look like?
4. What are the steps in the audit for CTPP?
5. Who would be the auditors assessing the requirements for CTPP?
6. What kind of evidence is required to prove conformance with the CTPP requirements?
7. How will scoping be performed for CTPP, and what could the boundaries be?

Background of the question

What is the requirement which needs to be followed by the CTPP for a financial institution to be compliant with the DORA requirement?