1.   Financial entities shall only use testers for the carrying out of TLPT, that: (a) are of the highest suitability and reputability; (b) possess technical and organisational capabilities and demonstrate specific expertise in threat intelligence, penetration testing and red team testing; (c) are certified by an accreditation body in a Member State or adhere to formal codes of conduct or ethical frameworks; (d) provide an independent assurance, or an audit report, in relation to the sound management of risks associated with the carrying out of TLPT, including the due protection of the financial entity’s confidential information and redress for the business risks of the financial entity; … Continue reading Article 27 DORA – Requirements for testers for the carrying out of TLPTRead More →