Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS)
Alongside the requirements set out in the Regulation, various topics are further elaborated in Regulatory Technical Standards (RTS). All DORA-related Regulatory Technical Standards (RTS) are listed below. This page further lists all available AFM templates with regard to the DORA-related application and reporting procedures.
ICT risk management
• RTS on ICT Risk Management framework and on simplified ICT Risk Management Framework (artikel 15 en 16(3))
ICT related incidents
• RTS on criteria for the classification of ICT-related incidents (artikel 18(3));• RTS and ITS on major incidents reporting (artikel 20(a) en 20(b))
Testing of digital operational resilience
• RTS on threat-led penetration testing (TLPT) (artikel 26(11))Management of ICT risk for third-party providers
• RTS to specify the policy on ICT services supporting critical or important functions (artikel 28(1));• ITS on the register of information (artikel 28(9));
• RTS on subcontracting ICT services (artikel 30(5))