RTS ICT Third-Party Service Providers Art. 8, 2

1. Overview

2. The policy shall specify that the relevant contractual arrangements are to include the right for the financial entity to access information, to carry out inspections and audits, and to perform tests on ICT. For that purpose, the policy shall require that the financial entity uses the following methods, without prejudice to the ultimate responsibility of the financial entity:

  • (a) its own internal audit or an audit by an appointed third party;
  • (b) where appropriate, pooled audits and pooled ICT testing, including threat-led penetration testing, that are organised jointly with other contracting financial entities or firms that use ICT services of the same ICT third-party service provider and that are performed by those contracting financial entities or firms or by a third party appointed by them;
  • (c) where appropriate, third-party certifications;
  • (d) where appropriate, internal or third-party audit reports made available by the ICT third-party service provider.

1.1 References

1.2 Identified Requirements

1.3 Related Standards

2. Identified Requirements

Requirements
Source Requirement

3. Related Standards

Standards
Source Requirement