Third Party Risk
Skill packages tagged with “Third Party Risk”
ICT Subcontracting Oversight (DORA)
Draft the ICT subcontracting oversight framework per DORA and RTS 2025/0532, covering conditions for sub-outsourcing critical functions, notification and approval processes, concentration risk, and monitoring.
ICT Third-Party Risk Policy (DORA)
Draft the ICT third-party risk management policy required by DORA Art. 28 and RTS 2024/1773, covering strategy, due diligence, contractual provisions (Art. 30), monitoring, exit planning, concentration risk, and sub-outsourcing governance.
NIS2 Supply Chain Security
Assess and manage supply chain cybersecurity risks per NIS2 Art. 21(2)(d). Scores supplier criticality and cybersecurity maturity, validates contractual security clauses, and identifies concentration risks in the ICT supply chain. Produces a supplier risk register and contractual review report.
OSFI B-10 — Third-Party Contracting
Draft standards for third-party written agreements (data security, audit rights, BCP) under OSFI B-10, including Annex 2 for high-risk/critical arrangements.
OSFI B-10 — Third-Party Exit and Contingency
Draft exit and contingency plans for third-party arrangements under OSFI B-10 (triggers, playbooks, review).
OSFI B-10 — Third-Party Monitoring
Draft ongoing monitoring and incident management for third-party arrangements under OSFI B-10 (metrics, escalation, OSFI incident reporting).
OSFI B-10 — Third-Party Risk Assessment
Draft risk identification, assessment, and due diligence for third-party arrangements under OSFI B-10 (criteria, concentration, subcontracting, Annex 1).
OSFI B-10 — Third-Party Risk Management Framework
Draft the enterprise-wide TPRMF (governance, accountabilities, lifecycle, inventory) for federally regulated financial institutions under OSFI B-10.