Contractual requirements
How to classify contracts under DORA: standalone, overarching, or associated?
The challenge

When completing the Digital Operational Resilience Act (DORA) information register, you must specify the type of each contractual arrangement: standalone, overarching, or subsequent/associated. This classification must be recorded in template RT.02.01, column RT.02.01.0020 'Type of contractual arrangement'. But how should you handle this for a typical ICT service where agreements are spread across multiple documents like Terms & Conditions (T&Cs), Terms of Service (ToS), and a Data Processing Agreement (DPA)?

What is a contractual arrangement according to DORA?

The DORA regulation and Implementing Technical Standards (ITS) don't provide a strict definition of a contractual arrangement. However, Article 28(3) makes it clear that it refers to "contractual arrangements on the use of ICT services provided by ICT third-party service providers." In other words, it includes any agreements governing your use of ICT services.

Three types of contractual arrangements under DORA

For column RT.02.01.0020, the ITS specifies the following options:

- Standalone arrangement – a self-contained agreement
- Overarching arrangement – a master or framework agreement
- Subsequent/associated arrangement – linked agreements like implementation contracts, subservice agreements, amendments, or order forms

Note: Service level agreements (SLAs) subordinate to these arrangements do not need to be recorded separately in the register.

Classification of contractual arrangements in practice

In many cases, ICT service agreements are documented in several files such as T&Cs, ToS, and a DPA. So how should these be classified?

These documents usually:

- Relate to the same ICT service
- Together define the conditions for using that service
- Must be read together as a complete package

In practice, this means they can be viewed as one contractual arrangement. Alternatively, you could treat them as multiple arrangements (e.g., T&Cs as overarching, ToS and DPA as associated), but this adds unnecessary complexity.

Best practice: classify as a standalone arrangement

For RT.02.01.0020, choosing "1. Standalone arrangement" is the most logical option in most cases. Here's why:

- The documents form a single package for the same service
- It avoids duplicating entries and reduces clutter in your register
- It aligns with the register's goal: understanding risk at the service level, not the individual document level

Conclusion and practical tip

Whenever possible, classify a service and its related documents (T&Cs, ToS, DPA) as one standalone arrangement in RT.02.01, column RT.02.01.0020. This simplifies register maintenance and supports a clearer understanding of ICT risks.

The prebuilt DORA register from DORA Solutions allows you to store all documents under one ICT service and classify them easily as a single arrangement.