IdentityStream

IdentityStream

DORA: ICT third-party risk & reporting to the Financial Supervisory Authority

IdS ICT Service Agreements

The main purpose of IdS ICT Service Agreements is to help financial institutions comply with DORA requirements for ICT third-party risk and ensure that the Register of Information (RoI) can be reported to the Financial Supervisory Authority in the expected format.

The solution provides structured registration of agreements and outsourcing, linking to functions/processes and suppliers, mapping of the supply chain, as well as follow-up through audits, status, actions, and reports. You can export RoI to xBRL-CSV for reporting, and from Q2-2026 you can pre-register critical/important ICT agreements (KRT-1121) directly from the solution.

DORA: control over third-party risk

Build a complete and audit-friendly Register of Information (RoI) for ICT third parties: agreements, supply chain, business functions, dependencies, and risk assessments – as DORA expects.

RoI export in expected format

Export RoI in xBRL-CSV format based on the fields in the registrations. You get a standardized basis for reporting and internal quality assurance.

Altinn integration (Q2-2026)

Pre-register critical/important ICT agreements (KRT-1121) directly to the Financial Supervisory Authority from IdS ServiceManager. Full traceability, control, and less manual work.

Agreement register for ICT services

Full overview of all ICT service agreements and outsourcing, including agreement type, duration, responsible party, cost fields, and necessary information for DORA.

Supply chain and subcontractors

Model the supply chain at multiple levels and link suppliers and subcontractors to relevant ICT service types. Ensures oversight of who actually delivers – and where the risk lies.

Follow-up, audit, and SLA/KPI

Plan periodic audits, follow up on deviations, and document deliveries (SLA/KPI). Dashboards make it easy to see what needs to be handled before supervision or internal audit.

Screenshots from IdS ICT Service Agreements

Selected screenshots showing the user interface and functionality.

Target groups & use cases

Who is IdS ICT Service Agreements suitable for? The solution is particularly relevant for:

  • Compliance / DORA officers: Establish RoI (Register of Information) and document third-party risk in an audit-friendly manner.
  • CISO / security team: Get an overview of critical supplier dependencies, subcontractors, and follow-up needs.
  • Procurement, contract owners, and service owners: Ensure proper agreement basis, follow-up, audit routines, and documentation.
  • Banking and finance: Be prepared for supervision from the Financial Supervisory Authority. Extract RoI, complete or partial as needed.

Typical use cases:

  • Establish RoI from scratch: map functions/processes → suppliers/supply chain → agreements.
  • Quality assure data before reporting: find gaps, get proper ownership, close deviations, and document decisions.
  • Periodic audit of agreements (more frequent for agreements supporting critical/important functions) with traceable history.
  • Follow-up on changes: new subcontractors, changed deliveries, or changes affecting risk and reporting.

What do you get in practice?

  • Faster path to DORA compliance for ICT third-party risk
  • Standardized and traceable documentation – ready for audit and supervision
  • Better control over supply chain and dependencies
  • Less manual work with RoI export and KRT-1121 reporting

Regulatory compliance

  • DORA: Third-party risk and requirements for overview/documentation of ICT services, suppliers, and agreements (RoI).
  • Expected reporting format: RoI export in xBRL-CSV as basis for KRT-1121.
  • Financial Supervisory Authority: Pre-registration of critical or important ICT agreements supported from Q2-2026.

Want to learn more?Book demo👉

Book demo

Get in touch

Address

IdentityStream AS

Laberget 22

4020 Stavanger

Phone number
(+47) 98 23 24 55
Email
hello@identitystream.com