This checklist can be used by financial entities to document compliance with Section I of Chapter V (Managing of ICT Third-Party Risk) of the Digital Operational Resilience Act (EU Regulation 2022/2554) (“DORA”).

It is to be used when a financial entity has entered, or intends to enter, into a contract with a third-party service provider for the provision of information or communication technology (“ICT”) services, whether or not supporting critical or important functions.

The checklist comprises the following sections:

  • General Principles (Article 28 of DORA);
  • Preliminary Assessment of ICT Concentration Risk at Entity Level (Article 29 of DORA); and
  • Key Contractual Provisions (Article 30 of DORA).

A preview of this checklist is available here: ICT Third-Party Service Provider Contract Checklist (DORA) Preview.

This checklist will help you to navigate the complexity of the provisions contained in Section I of Chapter V (Managing of ICT Third-Party Risk) of DORA and document your firm’s compliance with those provisions in an easy-to-use fully customisable format. 

Please use the Buy Now button below to purchase this template. All major credit and debit cards accepted. The purchase price is £49.99.

The ICT Third-Party Service Provider Contract Checklist (DORA) will be emailed to you as a Word document within one working day of your order.

Disclaimer: This template is provided by Chelsea Publishing Limited trading as FSREG Templates on an “as is” basis for reference purposes only and without any guarantee of its suitability, accuracy, completeness or compliance with applicable laws and regulations. Chelsea Publishing Limited is not responsible for any action taken or omitted to be taken based on this template and individual legal, tax and regulatory advice should be obtained before this template is used. © 2023-2024 Chelsea Publishing Limited ( All rights reserved.