QFX templates aligned to DORA Article 28 ICT service provider requirements. All ICT service providers assessed via Vendor Portal; results feed the DORA register required for regulatory reporting. Critical ICT third-party provider identification and concentration risk supported.
EU Digital Operational Resilience Act · Application from 17 Jan 2025
All ICT service providers in scope, with contractual provisions evidence (Art. 30) and exit strategy documentation.
Information register required by Art. 28(3) maintained continuously — generated for regulatory submission on demand.
Identifies critical and important functions provided by the same or affiliated ICT third-party providers.
TLPT (Threat-Led Penetration Testing) evidence and digital operational resilience testing records preserved.
Article 28(3) register in the format competent authorities request.
Per-provider documentation of criticality assessment under Art. 30.
Verisq generates the artifacts your auditors and regulators expect — on demand, with current data, with framework mappings embedded.