Regulatory Technical Standards on the policy on ICT services supporting critical or important functions provided by ICT third-party service providers
- Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission
These Regulatory Technical Standards specify parts of the governance arrangements, risk management and internal control framework that financial entities should have in place regarding the use of ICT third-party service providers. They aim to ensure financial entities remain in control of their operational risks, information security and business continuity throughout the life cycle of contractual arrangements with such ICT third-party service providers.