EU-DORA-33-08
Risk Management
33 — Tasks of the Lead Overseer
Assess risk management processes
Description
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-33-01
Monitoring
Conduct oversight of assigned critical ICT third-party service providers
EU-DORA-33-02
Human Oversight
Serve as primary point of contact for critical ICT third-party service providers
EU-DORA-33-03
Risk Management
Assess risk management rules and procedures of critical ICT third-party providers
EU-DORA-33-04
Risk Management
Focus assessment on ICT services supporting critical or important functions
EU-DORA-33-05
Risk Management
Extend assessment to non-critical functions when necessary
EU-DORA-33-06
Risk Management
Assess ICT requirements for service security and quality
EU-DORA-33-07
Risk Management
Assess physical security measures
EU-DORA-33-09
Risk Management
Assess governance arrangements
EU-DORA-33-10
Monitoring
Assess incident identification, monitoring and reporting mechanisms
EU-DORA-33-11
Data Governance
Assess data and application portability mechanisms
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started