1. Übersicht

RTS ICT Third-Party Service Providers Art. 9, 2

2. The policy shall specify how the financial entity is to assess whether the ICT third-party service providers used for the ICT services supporting critical or important functions meet appropriate performance and quality standards in line with the contractual arrangement and the financial entity’s own policies. The policy shall, in particular, ensure the following:

• (a) that the ICT third-party service providers provide appropriate reports on their activities and services to the financial entity, including periodic reports, incidents reports, service delivery reports, reports on ICT security and reports on business continuity measures and testing;
• (b) that the performance of ICT third-party service providers is assessed with key performance indicators, key control indicators, audits, self-certifications and independent reviews in line with the financial entity’s ICT risk management framework;
• (c) that the financial entity receives other relevant information from the ICT third-party service providers;
• (d) that the financial entity is notified, where appropriate, of ICT-related incidents and operational or security payment- related incidents;
• (e) that an independent review and audits verifying compliance with legal and regulatory requirements and policies are performed.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.3 Related Standards

2. Identifizierte Anforderungen

3. Related Standards

• DORA -

  DORA