Understanding RT.03: mapping ICT contractual relationships under DORA

the purpose of rt 03 rt 03 is the cornerstone of mapping contractual relationships in your ict service landscape it's designed to create a clear picture of who's signing what, who's providing services, and how these services flow within your organization or group the its divides rt 03 into three essential templates, each serving a specific purpose in untangling this web of relationships breaking down rt 03 the three templates 1\ rt 03 01 – who’s signing for receiving ict services? this template identifies the entities in your organization signing ict service contracts as the its states, “the entity signing the contractual arrangement and the entity making use of the ict services are not necessarily the same ” example in a medium sized insurance group, the parent company might sign a cloud services contract that's used by multiple subsidiaries 2\ rt 03 02 – who are your external ict service providers? here, you list all external ict service providers signing contracts with your organization the its requires you to identify “all the ict third party service providers referred to in template rt 05 01 signing the contractual arrangements referred to in template rt 02 01 ” example this could include major cloud providers or software vendors where the signing party and service provider differ you only map the party signing the contract 3\ rt 03 03 – who’s providing ict services within your group? this template captures intra group ict service provision, ensuring these services receive the same scrutiny as external ones example an internal it subsidiary providing helpdesk services to other business units who needs to pay special attention to rt 03? small, standalone entities focus primarily on rt 03 02 for external providers large or complex organizations all three templates become crucial in group structures, the service user and the contract signer may be different entities common pitfalls and how to avoid them misidentifying contractual parties carefully review which entity is signing the ict contract, especially in group structures inconsistencies across templates ensure rt 03 aligns with rt 01 02 (entities), rt 02 01 (contracts), and rt 05 01 (providers) overlooking intra group services document internal ict services thoroughly failing to update keep rt 03 current as your ict landscape evolves conclusion rt 03 is more than a bureaucratic requirement — it's a strategic tool for understanding and managing your ict service landscape it clarifies who is signing, who is providing, and how ict services flow across your organization but it can be complex manually mapping these relationships and ensuring consistency across templates is time consuming and error prone this is where specialized tooling can help dora compliant tools can automate entry, enforce consistency, and provide user friendly interfaces for mapping relationships remember the dora register isn’t just about compliance — it’s about insight and control rt 03 plays a critical role in helping financial institutions manage their ict risks effectively mailto\ info\@dora solutions com?subject=yes,%20keep%20me%20informed!