Maintain and manage the Register of Information
Be prepared for fixing errors indicated by EBA, continuous updating and on demand reporting of the registry. To maintain the Register of Information is an ongoing compliance process.
The article 28 of the Digital Operational Resilience Act (DORA) includes the obligation to report new agreements to the supervisory authority, as well as presenting the registry upon request and annually.
Webinar: Maintaining and updating the RoI
Maintaining and updating the Dora Register of Information (RoI) is more than a regulatory obligation – it’s a strategic necessity. In this on-demand webinar, you’ll discover:
- How to effectively manage RoI maintenance to stay compliant and organized
- The 4 key elements that form the backbone of the RoI system—essential for updating, reporting, and maintaining data
- A practical guide with 10 actionable steps to confidently update your register
Whether you’re refining your current process or just getting started, this session offers clear, expert-driven insights to help you stay ahead.
Register now to access the webinar and take control of your compliance strategy.
The DORA Register
of Information maintenance
Maintaining a register of ICT service providers is no longer just a compliance checkbox – it’s a strategic process that aligns with the meta-level steps of the Deming cycle: Plan, Do, Check, Act. Since the DORA regulation came into force, this task has become a critical operational requirement for financial institutions, directly impacting their digital resilience and risk governance. If you’re unsure how to structure or automate this process, join our upcoming webinar where we’ll walk you through a practical roadmap for building and sustaining an effective ICT provider register.
Plan
Planning the onboarding and offboarding of ICT suppliers
Do
Survey and assessment of new suppliers’ maturity, notifying the authority about new contracts
Check
Data validation, result analysis and reporting on demand
Act
Implementing corrections, regenerating reports
and assessment
How to fit the Register of Information into
risk management proccess?
Maintaining and updating the Register of Information is crucial to fulfill legal obligation arising from DORA. Maintaining the Register of Information is part of the risk management framework in accordance with DORA. Within this framework, ICT risk management, incident management, and ICT supplier management are interconnected. You can perform the four listed types of activities in our DORA REGISTER and RIG DORA applications.
Risk Analysis
and
Assessment
Data from the register is used to analyze the causes and assess the risk. This helps in developing strategies to prevent similar incidents in the future.
Incident
Reporting
The RoI helps to see all connection in the supplier chain and prepare better assessment. This ensures full transparency and allows for reporting to the relevant supervisory authorities.
Supplier
Management
The Register of Information contains information about all external ICT service providers, enabling the assessment of risks associated with suppliers and managing dependencies on external entities.
Business
Continuity
Updates to the register support business continuity planning by documenting data recovery procedures and plans for restoring functionality after incidents.
Combine maintaining the Register of Information with risk analysis and business continuity in RIG DORA tool.
Find out more about register and risk management with from our consultant.