DORA-Art41-P1

Article
41 (1)
Pillar
Third-Party ICT Risk Management
Regulation Ref
Regulation (EU) 2022/2554, Article 41(1)
Last Reviewed
2026-01-15

The competent authorities shall, in a timely manner, provide the Lead Overseer with any information relevant for the purpose of carrying out the duties of the Lead Overseer.

Evidence Profiles

Critical Provider Oversight Compliance Report RARE

Report documenting the oversight assessment of critical ICT third-party service providers, including their ICT risk management arrangements, security posture, and compliance with oversight requirements as required by DORA Articles 33-44.

Formats
PDF
Evidence Class
oversight-compliance-report
Availability
RARE
Update Frequency
annual
Typical Author
Lead Overseer / Internal Audit
Approval Chain
Head of Internal Audit → CRO

Content Sections

Expected Fields

Common Quality Issues

Fact Schemas

oversight_compliance_status

Schema ID
fs-oversight-compliance-status
Control
DORA-Art33-P1

Valid Ranges

assessment_date
within last 12 months
overall_compliance_rating
compliant for continued service provision

Related Schemas

JSON Schema

{
  "properties": {
    "assessment_date": {
      "format": "date",
      "type": "string"
    },
    "critical_findings": {
      "minimum": 0,
      "type": "integer"
    },
    "findings_count": {
      "minimum": 0,
      "type": "integer"
    },
    "has_business_continuity": {
      "type": "boolean"
    },
    "has_incident_management": {
      "type": "boolean"
    },
    "has_risk_framework": {
      "type": "boolean"
    },
    "has_security_controls": {
      "type": "boolean"
    },
    "overall_compliance_rating": {
      "enum": [
        "compliant",
        "partially_compliant",
        "non_compliant"
      ],
      "type": "string"
    },
    "provider_id": {
      "minLength": 1,
      "type": "string"
    }
  },
  "required": [
    "provider_id",
    "assessment_date",
    "overall_compliance_rating",
    "has_risk_framework",
    "has_security_controls"
  ],
  "type": "object"
}