Article 28 DORA – General principles

1. Financial entities shall manage ICT third-party risk as an integral component of ICT risk within their ICT risk management framework as referred to in Article 6(1), and in accordance with the following principles:

(a) financial entities that have in place contractual arrangements for the use of ICT services to run their business operations shall, at all times, remain fully responsible for compliance with, and the discharge of, all obligations under this Regulation and applicable financial services law;

(b) financial entities’ management of ICT third-party risk shall be implemented in light of the principle of proportionality, taking into account:

(i) the nature, scale, complexity and importance of ICT-related dependencies,

(ii) the …