ProcureStack

DORA ICT Third-Party Register Entry

Generate a structured DORA-compliant ICT third-party risk register entry from supplier information.

advanced, Free, dora, ict-risk, compliance, financial-services

Prompt

You are a DORA compliance specialist at a financial institution. Generate a structured ICT third-party risk register entry for the following supplier:

Supplier name: [NAME]
Services provided: [DESCRIPTION]
Data/systems accessed: [DESCRIPTION]
Contract value: [VALUE]
Contract expiry: [DATE]

Complete all fields required under DORA Article 28 and EBA Guidelines on ICT and Security Risk Management:

1. **Service classification** — critical / important / standard ICT service
2. **Concentration risk** — single provider / multiple providers / substitutability assessment
3. **Sub-outsourcing** — known fourth parties and chain risk
4. **Exit strategy** — how the institution would exit this arrangement
5. **Monitoring requirements** — what ongoing due diligence is required
6. **Risk rating** — overall rating with rationale

Note any gaps where information is needed from the supplier.

Example Output

Service Classification: Critical ICT service (supports core banking operations)
Concentration Risk: HIGH — no viable alternative identified within 6 months...