Full resource package for DORA RTS & ITS
- Learn about the DORA pillars, the RTS and ITS, and their main challenges
- The 15 official DORA Register of Information Excel sheets
- Generate official reports with one click to report to authorities
- The timeline of Information Register and what happens next
Simplify your Register of Information
With Formalize you can easily manage and connect all your DORA compliance data in relation to the DORA RTS and ITS. For the ROI, this includes business functions, contracts, ICT services, and suppliers, all easily exportable for reporting to authorities in the required official format.
All Questions Answered
What do I need to comply with in DORA?
The DORA requirements consist of 5 main pillars: ICT Risk Management, ICT-Related Incident Reporting, Digital Operational Resilience Testing, Management of ICT Third-Party Risk, Information and Intelligence Sharing.
What are RTS and ITS?
The Regulatory Technical Standards (RTS) and the Implementing Technical Standards (ITS) provide companies with concrete assistance in implementing the requirements and provisions of the DORA Regulation. The RTS are binding technical standards. They specify the requirements set out in DORA and determine how these are to be implemented in practice. The ITS supplement the RTS by specifying detailed implementation instructions and necessary processes to meet the requirements of the RTS. Just like the RTS, compliance with the ITS is mandatory.
The European Supervisory Authorities (ESAs), consisting of the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA), are responsible for the design of the two standards.
What are the DORA RTS and ITS?
The following RTS and ITS have been published so far:
- ITS to establish the templates for the Register of information (Art. 28.9)
- RTS on ICT risk management framework (Art. 15)
- RTS on simplified ICT risk management framework (Art. 16)
- RTS on criteria for the classification of major ICT-related incidents (Art. 18.3)
- RTS to specify the policy on ICT services (Art. 28.10)
- ITS to establish the forms, templates and procedures for major ICT-related incident reporting (Art. 20.b)
- RTS on specifying the content and reporting timelines for major ICT-related incidents (Art. 20.a)
- RTS to specify threat-led penetration testing (Art. 26.11)
- RTS to specify elements when sub-contracting critical or important functions (Art. 30.5)
- RTS to specify information on oversight conduct (Art. 41)
What is ROI?
Register of Information: “The gathered information that documents to the authorities that the organization is in compliance with DORA.”
The ROI requires information about:
- Business Functions (critical functions the financial entities provide)
- ICT Services (systems) that support these business functions
- ICT Service Providers (Suppliers) that provide the services
- Including their supply chain (Sub-Suppliers)
- Contractual Agreements (Contracts)
How does Formalize ensure seamless compliance?
Formalize automates the reporting process, validating data at the time of entry to address common challenges such as missing mandatory fields and unique identifiers. By leveraging advanced validation and error detection tools, Formalize ensures your submissions meet regulatory standards without the pitfalls of manual processes. Furthermore, Formalize’s scalable platform is designed to adapt to evolving regulations, ensuring your compliance process remains future-proof. This flexibility is critical in meeting the iterative requirements set by the ESAs.