DORA has been mandatory since January 17, 2025 for banks, insurance companies, investment firms and payment service providers. At its core, DORA requires structured management of all ICT third-party risks.
What does DORA specifically require?
DORA requires financial service providers to address five core areas: ICT risk management, incident management, resilience testing, management of ICT third-party risks and information exchange.
Financial entities must maintain a complete register of all contractual arrangements with ICT third-party service providers and monitor them on an ongoing basis.
ICT Third-Party Register under DORA
DORA requires a complete register of all ICT third-party service providers — with classification, risk assessment, contract status and monitoring results. 360TPRM delivers this register as a structured database.
How does 360TPRM support DORA implementation?
360TPRM covers all DORA requirements: structured register, automated monitoring, Concentration Risk analysis and complete audit documentation.
For critical ICT third-party service providers, DORA provides for fines of up to 5 million euros per violation.
Related Topics
FAQ
DORA compliance with 360TPRM
See in a 45-minute demo how 360TPRM specifically meets your requirements.
Request free demo →