+Selection Criteria

1. Overview

Selection Criteria

Take the following into account when selecting and assessing the service provider: audits conducted by the financial entity or on its behalf, third-party certifications, independent audit reports, internal audit function reports, and publicly available information. Confirm adherence to ethical, social, human, and environmental (sustainability) principles, encompassing appropriate working conditions including the prohibition of child labour. Assess if the service provider operates in a third country and evaluate if this practice heightens operational, reputational, or sanctions-related risks. Secure consent from the service provider for effective audit conduct, both onsite and by designated parties, including auditors from the financial entity, external (third-party auditors), and by competent authorities (such as the regulator). Verify if the service provider intends to engage ICT sub-contractors for substantial portions of their services.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

NOREA -
NOREA, de beroepsorganisatie van IT-auditors - DORA in Control Framework