Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS)
Alongside the requirements set out in the Regulation, various topics are further elaborated in Regulatory Technical Standards (RTS). All DORA-related Regulatory Technical Standards (RTS) are listed below. This page further lists all available AFM templates with regard to the DORA-related application and reporting procedures.
ICT risk management
- RTS on ICT Risk Management framework and on simplified ICT Risk Management Framework (artikel 15 en 16(3))
ICT related incidents
- RTS on criteria for the classification of ICT-related incidents (artikel 18(3));
- RTS and ITS on major incidents reporting (artikel 20(a) en 20(b))
Testing of digital operational resilience
- RTS on threat-led penetration testing (TLPT) (artikel 26(11))
Management of ICT risk for third-party providers
- RTS to specify the policy on ICT services supporting critical or important functions (artikel 28(10));
- ITS on the register of information (artikel 28(9));
- RTS on subcontracting ICT services (artikel 30(5))