REGULATORY · COMPETITIVE · EU

EU financial sector: ESAs publish first DORA technical standards on ICT and third‑party risk management

Change
The European Supervisory Authorities (EBA, EIOPA and ESMA) published the first set of final draft technical standards under DORA on ICT and third‑party risk management and incident classification (date not specified in excerpt).
Why Now
The ESAs published a first set of final draft technical standards under DORA. The package includes Regulatory Technical Standards (RTS) on the ICT risk management framework and on a simplified ICT risk management framework. It also includes Implementing Technical Standards (ITS) establishing templates for the register of information. The draft RTS on the ICT risk management framework identify further elements related to ICT risk management to harmonise tools, methods, processes and policies, described as complementary to elements identified in DORA.
Impact
  • A set of final draft DORA technical standards has been issued covering ICT risk management and simplified ICT risk management frameworks.
  • Templates have been set via ITS for the register of information.
  • Incident classification is included within the scope of the published standards (as described in the excerpt).
Who Recalculates
  • Financial entities (regulated firms)
  • ICT/operational risk management functions
  • Third-party/vendor risk management functions
  • Incident reporting/compliance functions
Source

esma.europa.eu

