Regulatory Technical Standards (RTS) and Implementation Technical Standards (ITS)
Alongside the requirements set out in the Regulation, various topics are further elaborated in Regulatory Technical Standards (RTS). All DORA-related Regulatory Technical Standards (RTS) are listed below. This page further lists all available AFM templates with regard to the DORA-related application and reporting procedures.
ICT-risicobeheer
- RTS on ICT Risk Management framework and on simplified ICT Risk Management Framework (article 15 en 16(3))
ICT-gerelateerde incidenten
- RTS on criteria for the classification of major ICT-related incidents (DORA article 18.3)
- RTS on specifying the content and reporting timelines for major ICT-related incidents (DORA article 20(a))
- ITS to establish the forms, templates and procedures for major ICT-related incident reporting (DORA article 20(b))
Testen voor digitale operationele weerbaarheid
- RTS on threat-led penetration testing (TLPT) (article 26(11))
Beheer van ICT-risico’s van derde aanbieders
- RTS to specify the policy on ICT services (DORA article 28.10)
- ITS to establish the templates for the Register of information (DORA article 28.9)
- RTS to specify elements when sub-contracting critical or important functions (DORA article 30.5)