Glossary term

ICT third-party risk

Risk arising from ICT services provided by third parties to a regulated entity, governed by DORA Article 28.

When it matters

When you depend on cloud, SaaS, or specialist ICT vendors for any function that supports critical or important business activity.

Related terms

dora

Related articles

dora-readiness-for-fintech

Related services

grc-and-audit-readiness

Last reviewed: April 2026