+RTS ICT third-party service providers Art. 8, 2
---+RTS ICT third-party service providers Art. 8, 2a
---+RTS ICT third-party service providers Art. 8, 2b
---+RTS ICT third-party service providers Art. 8, 2c
---+RTS ICT third-party service providers Art. 8, 2d

1. Overview

RTS ICT third-party service providers Art. 8, 2

2.                The policy shall specify that the relevant contractual arrangements are to include the right for the financial entity to access information, to carry out inspections and audits, and to perform tests on ICT. For that purpose, the policy shall require that the financial entity uses the following methods, without prejudice to the ultimate responsibility of the financial entity:
RTS ICT third-party service providers Art. 8, 2a (a)         its own internal audit or an audit by an appointed third party;
RTS ICT third-party service providers Art. 8, 2b (b)         where appropriate, pooled audits and pooled ICT testing, including threatled penetration testing, that are organised jointly with other contracting financial entities or firms that use ICT services of the same ICT thirdparty service provider and that are performed by those contracting financial entities or firms or by a third party appointed by them;
RTS ICT third-party service providers Art. 8, 2c (c)         where appropriate, third-party certifications;
RTS ICT third-party service providers Art. 8, 2d (d)         where appropriate, internal or thirdparty audit reports made available by the ICT thirdparty service provider.

1.1 References

1.2 Identified Requirements

1.3 Related Standards

2. Identified Requirements

Requirements

3. Related Standards

Standards
Impressum