1.   The Lead Overseer may, by simple request or by decision, require critical ICT third-party service providers to provide all information that is necessary for the Lead Overseer to carry out its duties under this Regulation, including all relevant business or operational documents, contracts, policies, documentation, ICT security audit reports, ICT-related incident reports, as well as any information relating to parties to whom the critical ICT third-party service provider has outsourced operational functions or activities. 2.   When sending a simple request for information under paragraph 1, the Lead Overseer shall: (a) refer to this Article as the legal basis of the request; (b) state the purpose of … Continue reading Article 37 DORA – Request for informationRead More →