+RTS ICT third-party service providers Art. 8, 3
---+RTS ICT third-party service providers Art. 8, 3a
---+RTS ICT third-party service providers Art. 8, 3b
---+RTS ICT third-party service providers Art. 8, 3c
---+RTS ICT third-party service providers Art. 8, 3d
---+RTS ICT third-party service providers Art. 8, 3e
---+RTS ICT third-party service providers Art. 8, 3f
---+RTS ICT third-party service providers Art. 8, 3g
---+RTS ICT third-party service providers Art. 8, 3h
|
1. Overview
RTS ICT third-party service providers Art. 8, 3
3. The financial entity shall not over time rely solely on certifications referred to in paragraph 2, point (c), or audit reports referred to in point (d) of that paragraph. The policy shall only permit the use of the methods referred to in paragraph 2, points (c) and (d), where the financial entity:
| Summary |
Regulation |
|
RTS ICT third-party service providers Art. 8, 3a
|
(a) is satisfied with the audit plan of the ICT third-party service provider for the relevant contractual arrangements;
|
|
RTS ICT third-party service providers Art. 8, 3b
|
(b) ensures that the scope of the certifications or audit reports cover the systems and key controls identified by it and ensures compliance with relevant regulatory requirements;
|
|
RTS ICT third-party service providers Art. 8, 3c
|
(c) thoroughly assesses the content of the certifications or audit reports on an ongoing basis and verifies that the reports or certifications are not obsolete;
|
|
RTS ICT third-party service providers Art. 8, 3d
|
(d) ensures that key systems and controls are covered in future versions of the certification or audit report;
|
|
RTS ICT third-party service providers Art. 8, 3e
|
(e) is satisfied with the aptitude of the certifying or auditing party;
|
|
RTS ICT third-party service providers Art. 8, 3f
|
(f) is satisfied that the certifications are issued, and the audits are performed against widely recognised relevant professional standards and include a test of the operational effectiveness of the key controls in place;
|
|
RTS ICT third-party service providers Art. 8, 3g
|
(g) has the contractual right to request, with a frequency that is reasonable and legitimate from a risk management perspective, modifications of the scope of the certifications or audit reports to other relevant systems and controls;
|
|
RTS ICT third-party service providers Art. 8, 3h
|
(h) has the contractual right to perform individual and pooled audits at its discretion with regard to the contractual arrangements and execute those rights in line with the agreed frequency.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|