The Lead Overseer shall exercise its powers in close consultation with the Joint Oversight Network and shall report regularly to the Oversight Forum on the oversight activities carried out.
Report documenting the oversight assessment of critical ICT third-party service providers, including their ICT risk management arrangements, security posture, and compliance with oversight requirements as required by DORA Articles 33-44.
oversight-compliance-reportfs-oversight-compliance-statusDORA-Art33-P1assessment_dateoverall_compliance_rating{
"properties": {
"assessment_date": {
"format": "date",
"type": "string"
},
"critical_findings": {
"minimum": 0,
"type": "integer"
},
"findings_count": {
"minimum": 0,
"type": "integer"
},
"has_business_continuity": {
"type": "boolean"
},
"has_incident_management": {
"type": "boolean"
},
"has_risk_framework": {
"type": "boolean"
},
"has_security_controls": {
"type": "boolean"
},
"overall_compliance_rating": {
"enum": [
"compliant",
"partially_compliant",
"non_compliant"
],
"type": "string"
},
"provider_id": {
"minLength": 1,
"type": "string"
}
},
"required": [
"provider_id",
"assessment_date",
"overall_compliance_rating",
"has_risk_framework",
"has_security_controls"
],
"type": "object"
}