+DORA Ch. V Sec. I Art. 30 1.

1. Overview

DORA Ch. V Sec. I Art. 30 1.

1. The rights and obligations of the financial entity and of the ICT third-party service provider shall be clearly allocated and set out in writing. The full contract shall include the service level agreements and be documented in one written document which shall be available to the parties on paper, or in a document with another downloadable, durable and accessible format.

1.1 References

1.2 Identified Requirements

1.3 Related Standards

2. Identified Requirements

Requirements

3. Related Standards

Standards
NOREA Termination Rights and Conditions
Define explicit termination rights including significant breaches of laws, regulations, or contract terms, material changes in third-party risks, demonstrated ICT weaknesses, and regulator oversight constraints. Set provisions for ensuring access, recovery, and return of data in an easily accessible format in cases of termination, insolvency, resolution, or discontinuation of the service provider's business operations.
NOREA Service Level Management
Define clear and measurable service level descriptions outlining expected performance and quality standards. Ensure that the service provider provides a comprehensive description of all functions and ICT services that are offered, including any sub-contracting arrangements. Establish arrangements ensuring appropriate levels of data protection in line with regulatory requirements.
NOREA Service Locations and Data Processing
Specify service locations and data processing sites. Require timely notification of any intended changes to these locations.
NOREA Cooperation in Incident Response
Oblige the ICT third-party service provider to fully cooperate with the regulator and provide necessary assistance in the event of an incident related to the provided service.
NOREA Participation in Security Awareness Programs
Specify conditions for the participation of the service provider in security awareness and resilience programs/trainings.
Impressum