+RTS ICT third-party service providers Art. 1 Overall risk profile and complexity
---+RTS ICT third-party service providers Art. 1, a
---+RTS ICT third-party service providers Art. 1, b
---+RTS ICT third-party service providers Art. 1, c
---+RTS ICT third-party service providers Art. 1, d
---+RTS ICT third-party service providers Art. 1, e
---+RTS ICT third-party service providers Art. 1, f
---+RTS ICT third-party service providers Art. 1, g
---+RTS ICT third-party service providers Art. 1, h
---+RTS ICT third-party service providers Art. 1, i
---+RTS ICT third-party service providers Art. 1, j
|
1. Overview
RTS ICT third-party service providers Art. 1 Overall risk profile and complexity
Overall risk profile and complexityThe policy on the use of ICT services supporting critical or important functions provided by ICT third-party serviceproviders (the ‘policy’) shall take into account the size and the overall risk profile of the financial entity, and the nature,scale and elements of increased or reduced complexity of its services, activities and operations, including elements relatingto:
| Summary |
Regulation |
|
RTS ICT third-party service providers Art. 1, a
|
(a) the type of ICT services included in the contractual arrangement on the use of ICT services supporting critical or important functions provided by ICT thirdparty service providers (the ‘contractual arrangement’) between the financial entity and the ICT thirdparty service provider;
|
|
RTS ICT third-party service providers Art. 1, b
|
(b) the location of the ICT third-party service provider or the location of its parent company;
|
|
RTS ICT third-party service providers Art. 1, c
|
(c) whether the ICT services supporting critical or important functions are provided by an ICT third-party service provider located within a Member State or in a third country, also considering the location from where the ICT services are provided and the location where the data is processed and stored;
|
|
RTS ICT third-party service providers Art. 1, d
|
(d) the nature of the data shared with the ICT third-party service provider;
|
|
RTS ICT third-party service providers Art. 1, e
|
(e) whether the ICT third-party service provider is part of the same group as the financial entity to which the services are provided;
|
|
RTS ICT third-party service providers Art. 1, f
|
(f) the use of ICT thirdparty service providers that are authorised, registered or subject to supervision or oversight by a competent authority in a Member State or subject to the oversight framework under Chapter V, Section II, of Regulation (EU) 2022/2554, and the use of ICT thirdparty service providers that are not;
|
|
RTS ICT third-party service providers Art. 1, g
|
(g) the use of ICT thirdparty service providers that are authorised, registered or subject to supervision or oversight by a supervisory authority in a third country, and the use of ICT thirdparty service providers that are not;
|
|
RTS ICT third-party service providers Art. 1, h
|
(h) whether the provision of ICT services supporting critical or important functions are concentrated to a single ICT third-party service provider or a small number of such service providers;
|
|
RTS ICT third-party service providers Art. 1, i
|
(i) the transferability of the ICT services supporting critical or important functions to another ICT third-party service provider, including as a result of technology specificities;
|
|
RTS ICT third-party service providers Art. 1, j
|
(j) the potential impact of disruptions in the provision of the ICT services supporting critical or important functions on the continuity of the financial entity’s activities and on the availability of its services.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|