For the purpose of carrying out the duties laid down in this Section, the Lead Overseer shall have the powers to request all relevant information and documentation, to conduct general investigations and inspections, and to issue recommendations.
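Report documenting the oversight assessment of critical ICT third-party service providers, including their ICT risk management arrangements, security posture, and compliance with the oversight requirements of DORA Articles 33-44. Note that the schema below marks only provider_id, assessment_date, overall_compliance_rating, has_risk_framework and has_security_controls as required, so a report that omits the incident-management, business-continuity and findings-count fields still validates and should be checked for completeness separately.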
oversight-compliance-report
fs-oversight-compliance-status
DORA-Art33-P1
assessment_date
overall_compliance_rating
{
"properties": {
"assessment_date": {
"format": "date",
"type": "string"
},
"critical_findings": {
"minimum": 0,
"type": "integer"
},
"findings_count": {
"minimum": 0,
"type": "integer"
},
"has_business_continuity": {
"type": "boolean"
},
"has_incident_management": {
"type": "boolean"
},
"has_risk_framework": {
"type": "boolean"
},
"has_security_controls": {
"type": "boolean"
},
"overall_compliance_rating": {
"enum": [
"compliant",
"partially_compliant",
"non_compliant"
],
"type": "string"
},
"provider_id": {
"minLength": 1,
"type": "string"
}
},
"required": [
"provider_id",
"assessment_date",
"overall_compliance_rating",
"has_risk_framework",
"has_security_controls"
],
"type": "object"
}