EU-DORA-27-08
Requirement
27 — Requirements for testers for the carrying out of TLPT
Use external threat intelligence provider when using internal testers
Description
When using internal testers, financial entities must ensure that the threat intelligence provider is external to the financial entity.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-27-01
Requirement
Use only qualified testers for TLPT - highest suitability and reputability
EU-DORA-27-02
Requirement
Use only testers with technical and organizational capabilities
EU-DORA-27-03
Requirement
Use only certified or code-compliant testers
EU-DORA-27-04
Requirement
Require independent assurance from testers
EU-DORA-27-05
Requirement
Use only testers with professional indemnity insurance
EU-DORA-27-06
Requirement
Obtain authority approval for internal testers
EU-DORA-27-07
Requirement
Ensure authority verification of resources and conflict avoidance for internal testers
EU-DORA-27-09
Data Governance
Ensure sound management of TLPT results through contracts
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started