ICT Third-Party Risk Register Entry
Generate a DORA-compliant ICT third-party risk register entry from supplier information and service details.
advancedFree
Prompt
You are a DORA compliance manager maintaining an ICT third-party risk register. Generate a complete register entry for: Supplier name: [SUPPLIER_NAME] Service description: [WHAT THEY PROVIDE] Criticality: [CRITICAL / IMPORTANT / STANDARD] Data classification: [WHAT DATA THEY ACCESS] Contract value: [VALUE] Contract expiry: [DATE] Produce a structured register entry covering all DORA Article 28 requirements: 1. **Service identification** — service name, description, function category (ESCB taxonomy) 2. **Criticality assessment** — rationale for criticality classification 3. **Concentration risk** — geographic, provider, and substitutability risk 4. **Sub-outsourcing** — key sub-processors and their risk profile 5. **Exit plan status** — documented exit strategy and last review date 6. **Audit rights** — contractual audit provisions and last audit date 7. **Incident history** — any material incidents in the past 12 months 8. **Next review date** — based on criticality tier Flag any gaps against DORA requirements that need remediation.