ICT Services Decision Tree

Overview Dashboard

Total Assessments

In Scope (DORA)

Critical Services

Scoping Distribution

No data yet. Complete an assessment.

Recent Assessments

No projects logged.

New ICT Service Classification

1. Application / Project Name

2. Fundamental DORA Scope (Art 3(21))

Is this a digital and data service provided through ICT systems on an ongoing basis (including hardware as a service, excluding traditional analogue telephone)?

Assessment Result:

Register of Information (RoI) & Contractual Requirements

Requirement	Applicability

Active Assessments

0 Records

Application Name	Status (Scope)	Service Type	Sourcing	Criticality	Actions

CSSF Standard Operating Procedure (SOP)

Guidelines for regulated financial entities handling ICT arrangements.

Initial Scoping CheckVerify if the vendor provides a digital/data service using ICT systems continuously. Exclude standard analogue telephone services or pure financial services.

Critical Assessment (CIF Check)Perform a Business Impact Analysis (BIA) to document if the service supports a Critical or Important Function. This dictates contract strictness.

Contract RemediationFor "In Scope" services, draft SLAs, exit strategies, and CSSF-mandated audit rights into the vendor agreement.

Register of Information (RoI) EntryConsolidate the assessment outputs and submit them into the standardized CSSF RoI templates for regulatory review.

Summary Matrix (Reference)

Scenario Type	Required in RoI?	Complex Clauses Needed?
1. Financial Service / Excluded	No	No
2. Non-Critical & Sub-outsourced	No	No
3. Critical & Sub-outsourced	Yes	Depends on Direct provider Contract
4. Non-Critical directly sourced	Yes	No
5. Critical directly sourced	Yes	Yes