The Register of Information in DORA Go to content
Consulting Services The Register of Information in DORA
Advisory Managed Services
Tech Solutions The Register of Information in DORA
Quantitative Analytics Financial Data Management Risk Management GRC Automation AML Software
Industries The Register of Information in DORA
Bank Insurance Asset Management Payment Market Infrastructure
This is Advisense The Register of Information in DORA
Advisense | talks Client Stories News Career Management & Board Events
Contact
The Register of Information in DORA EN
Consulting Services
Tech Solutions
Industries
This is Advisense

Select your region and language

Search

The Register of Information in DORA

The Register of Information in DORA

The Digital Operational Resilience Act (DORA) sets strict requirements for financial entities to ensure they can withstand, respond to, and recover from ICT-related disruptions. A deep understanding of an organisation's relationships with ICT third-party suppliers is essential to achieving this resilience. Beyond an individual entity’s awareness, one of DORA’s main objectives is to provide regulators with a holistic view of the financial sector’s dependencies on third-party providers.

Understanding the Register of Information in DORA

To accomplish this, all financial entities must maintain and report a Register of Information covering all ICT service providers they rely on. This register acts as a centralised repository of contracts with third-party ICT providers, ensuring transparency, effective risk management, and regulatory oversight.

Key Requirements of the Register

The primary goal is to establish a comprehensive and up-to-date register of all ICT third-party providers. However, organisations face significant challenges, particularly when creating this register for the first time.

Key requirements include:

•                    Documenting all ICT third-party providers in a structured register.

•                    Ensuring completeness and accuracy, with almost 100 data fields required per supplier.

•                    Recording supplier relationships and dependencies, including subcontracting arrangements.

•                    Keeping the register updated as new suppliers are added.

Once the initial register is created, maintaining it over time becomes more manageable. Adding new suppliers individually is a feasible task, but the primary challenge is the first-time registration of all existing suppliers, which can range from just a few to over 50 suppliers, depending on the organisation’s size and complexity.

Challenges in Creating and Maintaining the Register

1. The Complexity of Data Collection

One of the main challenges organisations face is the sheer volume of data required. Each supplier entry contains almost 100 individual data points, many of which overlap but must still be filled out separately to meet regulatory requirements.

2. Supplier and Subcontractor Dependencies

The information does not only relate to the supplier itself but must also include:

•                    The processes the supplier supports within the organisation.

•                    Subcontracting arrangements, requiring organisations to track fourth-party risks as well.

3. Lack of Centralised Information

Many organisations struggle with decentralised data. Information sits across multiple departments, contracts, and roles, making it difficult to compile in a single register. While some data can be sourced internally, in many cases, organisations must contact their suppliers to obtain the required information, which adds time and complexity.

4. Regulatory Scrutiny and Compliance Risks

DORA mandates that financial entities provide accurate and audit-ready registers to supervisory authorities. However, results from the  2024 EBA dry-run highlight the difficulty of achieving compliance—only 6.5% of organisations successfully passed all data quality checks on their registers.

Conclusion

The Register of Information under DORA plays a critical role in enhancing the financial sector’s operational resilience against ICT risks. However, compliance is not just a one-time exercise—it requires continuous effort, collaboration, and strong data management practices.

Organisations must overcome key challenges, including data accuracy, supplier transparency, and ongoing updates, to ensure they meet regulatory expectations. However, the most significant challenge is the initial creation of the register from scratch, a complex and time-consuming task that must be completed by April 15th for those reporting to SFSA.

With the right processes and governance, organisations can turn the Register of Information from a compliance burden into a valuable tool for operational resilience and risk management.

How We Can Help

At Advisense, we understand the challenges organisations face in gathering, structuring, and maintaining the Register of Information required by DORA. To simplify this process, we have developed a model designed to streamline information collection, improve data accuracy, and enhance efficiency.

Our model helps financial entities:

•                    Standardise data collection across different departments and suppliers.

•                    Ensure compliance with DORA’s stringent requirements.

•                    Reduce manual effort by introducing structured workflows.

•                    Improve data quality and consistency, minimising errors and regulatory risks.

By leveraging our expertise, organisations can save time, reduce complexity, and ensure a smooth reporting process. Get in touch with us today to learn more about how we can support your compliance journey.

You can read more and dive into material at EBAs or SFSAs homepage 

Read more about DORA here.

Ragnar Malmros

Director- Advisory Sweden Operational risk/ICT

+46768518980

Offices

This is Advisense