EU-DORA-8-08
Documentation
8 — Identification
Identify ICT third-party dependent processes
Description
Financial entities must identify and document all processes that are dependent on ICT third-party service providers, and identify interconnections with ICT third-party service providers that provide...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-8-01
Documentation
Identify and classify ICT supported business functions, roles and responsibilities
EU-DORA-8-02
Monitoring
Review adequacy of classification and documentation yearly
EU-DORA-8-03
Risk Management
Continuously identify all sources of ICT risk
EU-DORA-8-04
Risk Management
Review risk scenarios annually
EU-DORA-8-05
Risk Management
Perform risk assessment upon major changes (non-microenterprises)
EU-DORA-8-06
Documentation
Identify and map all information and ICT assets
EU-DORA-8-07
Documentation
Map asset configuration and interdependencies
EU-DORA-8-09
Documentation
Maintain and update asset inventories
EU-DORA-8-10
Risk Management
Conduct annual ICT risk assessment on legacy systems (non-microenterprises)
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started