ICT service description
The provider describes the ICT functions supplied, delivery locations, material dependencies and associated service levels.
DORAVendorReady
DORA Article 30 clauses
Prepare a contractual baseline covering service description, security, data, incident, audit, outsourcing and exit.
Clause library
These wordings are operational starting points and must be validated by legal counsel before signature.
Security and operational resilience
The provider maintains proportionate security controls, tests continuity for critical services and keeps evidence required for client reviews.
Incident notification
The provider notifies without undue delay incidents that may affect the availability, integrity, confidentiality or authenticity of the service.
Audit and information access
The provider makes available information reasonably required for audits, risk assessments and regulatory requests from the client.
Material subcontracting
The provider informs the client of material subcontractors and flows down security, resilience, confidentiality and exit assistance obligations.
Exit and reversibility
The provider assists the client in transferring or deleting data and maintaining continuity during the agreed exit period.