Full resource package for DORA RTS & ITS

  • Learn about the DORA pillars, the RTS and ITS, and their main challenges
  • The 15 official DORA Register of Information Excel sheets
  • Generate official reports with one click to report to authorities
  • The timeline of the Information Register and what happens next

Simplify your Register of Information

With Formalize you can easily manage and connect all your DORA compliance data in relation to the DORA RTS and ITS. For the ROI, this includes business functions, contracts, ICT services, and suppliers, all easily exportable for reporting to authorities in the required official format.


All Questions Answered


What do I need to comply with in DORA?

The DORA requirements consist of 5 main pillars: ICT Risk Management, ICT-Related Incident Reporting, Digital Operational Resilience Testing, Management of ICT Third-Party Risk, Information and Intelligence Sharing.


What are RTS and ITS?

The Regulatory Technical Standards (RTS) and the Implementing Technical Standards (ITS) provide companies with concrete assistance in implementing the requirements and provisions of the DORA Regulation. The RTS are binding technical standards. They specify the requirements set out in DORA and determine how these are to be implemented in practice. The ITS supplement the RTS by specifying detailed implementation instructions and necessary processes to meet the requirements of the RTS. Just like the RTS, compliance with the ITS is mandatory.

The European Supervisory Authorities (ESAs) are responsible for the design of the two standards, consisting of the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA).


What are the DORA RTS and ITS?

The following RTS and ITS have been published so far:

  • ITS to establish the templates for the Register of information (Art. 28.9)
  • RTS on ICT risk management framework (Art. 15)
  • RTS on simplified ICT risk management framework (Art. 16)
  • RTS on criteria for the classification of major ICT-related incidents (Art. 18.3)
  • RTS to specify the policy on ICT services (Art. 28.10)
  • ITS to establish the forms, templates and procedures for major ICT-related incident reporting (Art. 20.b)
  • RTS on specifying the content and reporting timelines for major ICT-related incidents (Art. 20.a)
  • RTS to specify threat-led penetration testing (Art. 26.11)
  • RTS to specify elements when sub-contracting critical or important functions (Art. 30.5)
  • RTS to specify information on oversight conduct (Art. 41)

What is ROI?

Register of Information: “The gathered information that documents to the authorities that the organization is in compliance with DORA.”

The ROI requires information about:

  • Business Functions (critical functions the financial entities provide)
  • ICT Services (systems) that support these business functions
  • ICT Service Providers (Suppliers) that provide the services
  • Including their supply chain (Sub-Suppliers)
  • Contractual Agreements (Contracts)

Where can I see an example of the reporting format?

The reporting format is split into 15 Excel templates based on the structure of the Register of Information. You can find the templates to be filled in here: Access the template through ROI Paper
