The competent authorities shall duly take into account the oversight activities carried out by the Lead Overseer when assessing the ICT third-party risk of financial entities under their supervision.
Report documenting the oversight assessment of critical ICT third-party service providers, including their ICT risk management arrangements, security posture, and compliance with oversight requirements as required by DORA Articles 33-44.
oversight-compliance-report
fs-oversight-compliance-status
DORA-Art33-P1
assessment_date
overall_compliance_rating
{
  "properties": {
    "assessment_date": {
      "format": "date",
      "type": "string"
    },
    "critical_findings": {
      "minimum": 0,
      "type": "integer"
    },
    "findings_count": {
      "minimum": 0,
      "type": "integer"
    },
    "has_business_continuity": {
      "type": "boolean"
    },
    "has_incident_management": {
      "type": "boolean"
    },
    "has_risk_framework": {
      "type": "boolean"
    },
    "has_security_controls": {
      "type": "boolean"
    },
    "overall_compliance_rating": {
      "enum": [
        "compliant",
        "partially_compliant",
        "non_compliant"
      ],
      "type": "string"
    },
    "provider_id": {
      "minLength": 1,
      "type": "string"
    }
  },
  "required": [
    "provider_id",
    "assessment_date",
    "overall_compliance_rating",
    "has_risk_framework",
    "has_security_controls"
  ],
  "type": "object"
}