EU-DORA-28-26 Requirement 28 — General principles

Have appropriate contingency measures for business continuity

Description

Financial entities must have appropriate contingency measures in place to maintain business continuity in the event of circumstances requiring exit from ICT third-party arrangements.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

EU-DORA-28-01 Risk Management

Manage ICT third-party risk as integral component of ICT risk management

EU-DORA-28-02 Requirement

Remain fully responsible for compliance despite third-party arrangements

EU-DORA-28-03 Risk Management

Implement ICT third-party risk management proportionally

EU-DORA-28-04 Requirement

Adopt and regularly review ICT third-party risk strategy

EU-DORA-28-05 Documentation

Include policy on critical/important ICT services in third-party risk strategy

EU-DORA-28-06 Monitoring

Management body regular risk review for critical/important functions

EU-DORA-28-07 Documentation

Maintain and update register of ICT service contractual arrangements

EU-DORA-28-08 Documentation

Appropriately document contractual arrangements with distinction

EU-DORA-28-09 Reporting

Report yearly on new ICT service arrangements

EU-DORA-28-10 Transparency

Make register available to competent authority upon request

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Have appropriate contingency measures for business continuity

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment