+RTS ICT third-party service providers Art. 9 Monitoring of the contractual arrangements
---+RTS ICT third-party service providers Art. 9, 1
---+RTS ICT third-party service providers Art. 9, 2
------+RTS ICT third-party service providers Art. 9, 2a
------+RTS ICT third-party service providers Art. 9, 2b
------+RTS ICT third-party service providers Art. 9, 2c
------+RTS ICT third-party service providers Art. 9, 2d
------+RTS ICT third-party service providers Art. 9, 2e
---+RTS ICT third-party service providers Art. 9, 3
---+RTS ICT third-party service providers Art. 9, 4
|
1. Overview
RTS ICT third-party service providers Art. 9 Monitoring of the contractual arrangements
Monitoring of the contractual arrangements
| Summary |
Regulation |
|
RTS ICT third-party service providers Art. 9, 1
|
1. The policy shall require that the contractual arrangements specify the measures and key indicators to monitor, on an ongoing basis, the performance of ICT third party service providers, including measures to monitor compliance with requirements regarding the confidentiality, availability, integrity and authenticity of data and information, and the compliance of the ICT third-party service providers with the financial entity’s relevant policies and procedures. The policy shall also specify measures that apply when service level agreements are not met, including contractual penalties where appropriate.
|
|
RTS ICT third-party service providers Art. 9, 2
|
2. The policy shall specify how the financial entity is to assess whether the ICT third-party service providers used for the ICT services supporting critical or important functions meet appropriate performance and quality standards in line with the contractual arrangement and the financial entity’s own policies. The policy shall, in particular, ensure the following:
|
|
RTS ICT third-party service providers Art. 9, 3
|
3. The policy shall specify that the assessment referred to in paragraph 2 is to be documented and its results to be used to update the financial entity’s risk assessment referred to in Article 6.
|
|
RTS ICT third-party service providers Art. 9, 4
|
4. The policy shall establish the appropriate measures that the financial entity is to adopt if it identifies shortcomings of the ICT thirdparty service providers, including ICTrelated incidents and operational or security payment related incidents, in the provision of the ICT services supporting critical or important functions or in the compliance with contractual arrangements or legal requirements. It shall also specify how the implementation of such measures is to be monitored in order to ensure that they are effectively complied with within a defined timeframe, taking into account the materiality of the shortcomings.
|
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|