Search QAs

Regulation DORA Chapter 4. Article 25 states that "execution of appropriate tests, such as (..) source code reviews where feasible" must be conducted. In contrast the technical standard Risk management framework Chapter I. Article 16. paragraph 3.states: "The procedure referred to in paragraph 2 sha…

I am trying to find out if the company I work for as a freelance IT consultant falls under DORA regulations, so I would know what to plan for this year. We are financial brokers, and deal with big companies like BP, Shell, etc. But I don't know if we fall under their supply chain, as we only connect…

We are software firm building a platform for auditors in the governance, risk and compliance space, especially DORA. We wanted to ask are there any resources available to help firms create solutions around the DORA regulation - for instance to design software that includes the regulatory requirement…

In articles 27 and 28 DORA it is stated that a TLPT test must take place if we are a critical supplier. According to the DORA legislation itself, you assign whether we are critical or not. Because I cannot find where and how this should be requested from you, I will do it this way.

I am contacting you regarding a question of data modelisation and calculation we are encountering upon QRT S.27.01.01 & SR.27.01.01. Indeed, upon cell R4420/C1510 we are recovering the catastrophe risk charge before risk mitigation for the pandemic risk sub-module, according the following...

We believe that the answers to Q&A 1445 and 1182 is not clear enough on how to fill out C1510 for each country and for the total. 1) Should the income protection part be left out since C1420 and C1430 shall not be reported for each country? Meaning that C1510 should be calculated as 0.4 * Nc * M…

The company has several business lines. Only one is subject to DORA. If the external supplier provides services for only one business line not subject to DORA, should they be treated as ICT suppliers?

With regard to ancillary insurance intermediaries, should the thresholds for determining whether an entity is a micro, small or medium-sized enterprise, as set out in Article 3(60), (63) and (64), be based on the turnover generated exclusively by insurance activities or on the entity's total turnove…

Does the DORA Regulation apply to insurance intermediaries that qualify as small and medium-sized enterprises (SMEs) based on their turnover from insurance intermediation and the staff engaged in that activity, but do not qualify as SMEs based on their total turnover and employee numbers (including …