Managing vendors supporting critical or important functions - from zero to full compliance with DORA
A summary of key practical steps based on the draft technical standard.
GRIP2 min read
GRIP2 min read
GRIP4 min read
EU DORA RTS - third party contractual arrangements - Art 1
Complexity and risk considerations include:
Article 1 distinguishes between third-service providers located within an EU member state and those located in a third country (Art 1(c)). As well as those providers who are authorised and supervised by a competent authority in an EU member state and those that are not (Art 1(f)).
A practical way of approaching this foundational article is to:
Differentiate between third parties that are:
And two key questions to ask in connection with the location:
Managing vendors supporting critical or important functions - from zero to full compliance with DORA
A summary of key practical steps based on the draft technical standard.
Thomas Hyrkiel, Katarzyna Parchimowicz5 min read
Your DORA questions answered – Extraterritoriality and interaction with existing rules
This last of a series of six articles covering a practical session organised by Ashurst focuses on how DORA will interact with existing rules as well as its extraterritorial effects.
Thomas Hyrkiel3 min read
Your DORA questions answered – ICT services in scope
This second of a series of six articles covering a practical session organised by Ashurst focuses on the ICT services in scope of DORA.
Thomas Hyrkiel3 min read
Technology
Managing vendors supporting critical or important functions - from zero to full compliance with DORA
Technology
Your DORA questions answered – Extraterritoriality and interaction with existing rules
Technology
Your DORA questions answered – ICT services in scope
Developments include: potential standardization of threat-led penetration testing, new oversight director for DORA and ESA's work program.
Nathaniel Lalone | Katten, Ciara McBrien | Katten3 min read
Although non-mandatory and applicable to regulated entities in Germany the practical guidance offers helpful insight into key aspects of the new regime.
Thomas Hyrkiel1 min read
Increasing reliance on digital platforms and a growing threat from bad actors means regulators are giving more attention to cybersecurity compliance.
The mass data breach of the infamous Ashley Madison website offers insight into data privacy and cybersecurity.
Alice Wallbank | Shoosmiths5 min read
A faulty code resulted in one of the most widespread tech outages in recent years for companies using Windows.
Julie DiMauro3 min read
The RTSs focus on ICT-incident reporting, ICT risk management and contractual relationships with third-parties supporting critical or important functions
Thomas Hyrkiel1 min read
How mandatory contract provisions under DORA map to existing regulatory regimes in respect of outsourcing arrangements and highlighting some of the gaps.
Ashurst Partner Bradley Rice addressed some of the key practical challenges of DORA at Global Relay’s gathering of compliance professionals.
Thomas Hyrkiel4 min read
Further Reading