+RTS ICT third-party service providers Art. 6, 1
---+RTS ICT third-party service providers Art. 6, 1a
---+RTS ICT third-party service providers Art. 6, 1b
---+RTS ICT third-party service providers Art. 6, 1c
---+RTS ICT third-party service providers Art. 6, 1d
---+RTS ICT third-party service providers Art. 6, 1e
---+RTS ICT third-party service providers Art. 6, 1f
|
1. Overview
RTS ICT third-party service providers Art. 6, 1
1. The policy shall set out an appropriate and proportionate process for selecting and assessing the prospective ICT thirdparty service providers taking into account whether or not the ICT third party service provider is an intragroup ICT service provider, and shall require that the financial entity assesses, before entering into a contractual arrangement, whether the ICT thirdparty service provider:
| Summary |
Regulation |
|
RTS ICT third-party service providers Art. 6, 1a
|
(a) has the business reputation, sufficient abilities, expertise and adequate financial, human and technical resources, information security standards, appropriate organisational structure, risk management and internal controls and, if applicable, the required authorisations or registrations to provide the ICT services supporting the critical or important function in a reliable and professional manner;
|
|
RTS ICT third-party service providers Art. 6, 1b
|
(b) has the ability to monitor relevant technological developments and identify ICT security leading practices and implement them where appropriate to have an effective and sound digital operational resilience framework;
|
|
RTS ICT third-party service providers Art. 6, 1c
|
(c) uses or intends to use ICT sub-contractors to perform the ICT services supporting critical or important functions or material parts thereof;
|
|
RTS ICT third-party service providers Art. 6, 1d
|
(d) is located, or processes or stores the data in a third country and, if this is the case, whether this practice affects the level of operational or reputational risks or the risk of being affected by restrictive measures, including embargos and sanctions, that may impact the ability of the ICT third-party service provider to provide the ICT services or the financial entity to receive those ICT services;
|
|
RTS ICT third-party service providers Art. 6, 1e
|
(e) consents to contractual arrangements that ensure that it is effectively possible to conduct audits at the ICT third- party service provider, including onsite, by the financial entity itself, appointed third parties, and competent authorities;
|
|
RTS ICT third-party service providers Art. 6, 1f
|
(f) acts in an ethical and socially responsible manner, respects human rights and children’s rights, including the prohibition of child labour, respects applicable principles on environmental protection, and ensures appropriate working conditions.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|