+RTS ICT third-party service providers Art. 6 Due diligence
---+RTS ICT third-party service providers Art. 6, 1
------+RTS ICT third-party service providers Art. 6, 1a
------+RTS ICT third-party service providers Art. 6, 1b
------+RTS ICT third-party service providers Art. 6, 1c
------+RTS ICT third-party service providers Art. 6, 1d
------+RTS ICT third-party service providers Art. 6, 1e
------+RTS ICT third-party service providers Art. 6, 1f
---+RTS ICT third-party service providers Art. 6, 2
---+RTS ICT third-party service providers Art. 6, 3
------+RTS ICT third-party service providers Art. 6, 3a
------+RTS ICT third-party service providers Art. 6, 3b
------+RTS ICT third-party service providers Art. 6, 3c
------+RTS ICT third-party service providers Art. 6, 3d
------+RTS ICT third-party service providers Art. 6, 3e
---+RTS ICT third-party service providers Art. 6, 4
|
1. Overview
RTS ICT third-party service providers Art. 6 Due diligence
Due diligence
| Summary |
Regulation |
|
RTS ICT third-party service providers Art. 6, 1
|
1. The policy shall set out an appropriate and proportionate process for selecting and assessing the prospective ICT thirdparty service providers taking into account whether or not the ICT third party service provider is an intragroup ICT service provider, and shall require that the financial entity assesses, before entering into a contractual arrangement, whether the ICT thirdparty service provider:
|
|
RTS ICT third-party service providers Art. 6, 2
|
2. The policy shall specify the required level of assurance concerning the effectiveness of ICT thirdparty service providers’ risk management framework for the ICT services supporting critical or important functions to be provided by an ICT thirdparty service provider. The policy shall require that the due diligence process includes an assessment of the existence of risk mitigation and business continuity measures and of how their functioning within the ICT third-party service provider is ensured.
|
|
RTS ICT third-party service providers Art. 6, 3
|
3. The policy shall determine the due diligence process for selecting and assessing the prospective ICT thirdparty service providers and shall indicate which of the following elements are to be used for the required level of assurance on the ICT thirdparty service provider’s performance:
|
|
RTS ICT third-party service providers Art. 6, 4
|
4. Financial entities shall ensure an appropriate level of assurance on the ICT third-party service provider’s performance, taking into account the elements listed in paragraph 3, points (a) to (e). Where appropriate, more than one element listed in those points shall be used.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|