Search QAs

Are financial entities permitted to determine more than one risk tolerance level of ICT risk?

We are specialized in providing collaboration solutions (Voip, Video and Chat) for public sector and banking sector within the EU. with the DORE regulation we have been approached by almost all of our customers seeking a new solution to satisfy the DORE requirements in regards to the data being gene…

Are you able to provide a legal definition or additional context for the interpretation of "ICT Service" and "ICT Service Provider"?

"For clarification, does the requirement for a 'separate and dedicated network for the administration of ICT assets' refer to a physically separate network, a logically segmented one ? Could you please clarify what is meant by 'administration of ICT assets' in the context , does this refer only to m…

I kindly request that you answer the following question as quickly as possible: Our client is a financial company that is the only financial company belonging to another group of companies. However, the group of companies is not a group of financial companies, but rather a group of non-financial com…

Expression for the validation rule v8821_m: with{tB_05.01, default:0, interval: false}: if({c0020} = [eba_qCO:qx2000]) then ( (match({c0030}, "^[A-Z0-9]{18}[0-9]{2}$"))) endif Question: The check on ‘Additional’ identification code (c0030) based on the type of the original identifier (c0020) looks i…

Request for clarification regarding the scope of the term "any planned contractual arrangements related to the use of ICT services supporting critical or important functions", as referenced in Article 28(3) of Regulation (EU) 2022/2554 (DORA). In particular, I would appreciate clarification on the f…

I would like to know if the requirement regarding the digital operational training should be conducted periodically, in a frequent manner? Thank you in advance for your answer

Should or should DORA not apply to the company if the ancillary insurance intermediary activities are not the company’s principal activity, and based on the revenues from these ancillary insurance intermediary activities (rather than overall revenues), the company does not exceed the criteria for a …