Third Party Risk Institute Ltd

Required: Day 1 (March 24) Livestream Class

Required: Day 2 (March 26) Livestream Class

OPTIONAL (March 30): Zoom Link to Livestream discussion / Q&A

Glossary Of Terms

Module 0 Required Reading

Module 1 Recording

DORA ** Digital Operational Resilience Act 2022/2554

REQUIRED READING ** Regulatory Technical Standards (RTS): Recitals 2, 24, 30

OPTIONAL READING ** Information and Communications Technology

OPTIONAL READING ** DORA Implementation Guidance

Review Questions Module 1

Module 2 Recording

REQUIRED READING ** DORA Articles 3, 4, 6, 28, 29, 58

REQUIRED READING ** Regulatory Technical Standards - Recitals 1, 26

3PRi RESOURCE: Minimum Requirements Checklist

3PRi RESOURCE: Relationship Segmentation Framework

3PRi Resource Non-Vendor Categories

OPTIONAL READING: EBA Draft Guidelines on Sound Management of Third Party Risk

OPTIONAL READING: ESMA Principles on Third Party Risk Supervision

OPTIONAL READING: ECB Guide on Outsourcing Cloud Services

OPTIONAL READING: JC Final Report DORA Regulatory Technical Standards

Review Questions Module 2

Module 3 Recording

REQUIRED READING ** DORA Articles 5, 6, 7, 8, 9, 10, 11, 12

REQUIRED READING ** Regulatory Technical Standards - Recitals 5, 7, 8, 9, 10, 14, 15, 17, 22, 23, 25

3PRi RESOURCE: Condensed Guide to Business Impact Analysis

3PRi RESOURCE: Risk Governance Framework

Review Questions Module 3

Module 4 Recording

REQUIRED READING ** DORA Articles 17, 18, 19, 20

REQUIRED READING ** Regulatory Technical Standards - Recitals 11, 12, 13, 18, 20, 21

REGULATORY REPORTING TEMPLATE: EUR-Lex Commission Implementing Regulation

REGULATORY REPORTING TEMPLATE: CBI Major Incident Reporting (Excel)

REGULATORY REPORTING TEMPLATE: CNMV Major ICT Incident Template

REGULATORY REPORTING TEMPLATE: CNMV Significant Cyber Threat Template

3PRi RESOURCE: Risk-Weighted Template for Classifying Business Interruption Severity

3PRi Resource: Best Practices for Annual Testing

OPTIONAL READING ** Regulatory Technical Standard - Incident Classification, Chapters I, II, III, IV, V

OPTIONAL READING (GERMANY): BaFIN Management, Classification and Reporting of ICT-related Incidents

OPTIONAL READING (MALTA): MFSA - TIBER-MT and DORA TLPT-MT National Implementation Document

Review Questions Module 4

Module 5 Recording

REQUIRED READING ** DORA Articles 24, 25, 26, 27

REQUIRED READING ** Regulatory Technical Standards - Recital 16

OPTIONAL READING: ECB Tiber/EU Framework for Implementing Threat Intelligence-based Red Teaming

OPTIONAL READING: JC Final Report DORA Regulatory Technical Standards for TLPT

Review Questions Module 5

Module 6 Recording

REQUIRED READING ** DORA Articles 28, 29, 30. 31. 37. 38, 39, 40, 41, 47, 50, 54

REQUIRED READING: Regulatory Technical Standards for Subcontracting

3PRi RESOURCE: Required Contractual Terms and Conditions

3PRi RESOURCE: Some Best Practices in Contracting

Review Questions Module 6

Module 7 Recording

REQUIRED READING ** DORA Articles 19, 45

OPTIONAL READING ** Joint Council - Regulatory Technical Standards for TLPT

Review Questions Module 7

Module 8 Recording

REQUIRED READING ** DORA Articles 6, 28, 29, 31

3PRi RESOURCE: Risk Monitoring and Relationship Management

3PRi RESOURCE: Best Practices in Relationship Management

Review Questions Module 8

Module 9 Recording

REQUIRED READING ** Regulatory Technical Standards - Recitals 5, 7, 8

OPTIONAL READING: FSISAC Implementation Guidance

OPTIONAL READING ** Summary DORA policies, practices and documentation

Review Questions Module 9

CDP - Qualifying Assessment