DORA Chapter V Decoded: Building a Bulletproof Third-Party Risk Framework

Chapter V of the Digital Operational Resilience Act (DORA) focuses on ICT risks linked to third-party ICT service providers: cloud providers, software suppliers, and other technology partners.

As dependency grows, so do risks such as outages, cyberattacks, and service discontinuity.

In this session, Bastiaan Bruyndonckx (Partner at Lydian) breaks down the key obligations and what a robust third-party risk framework looks like in practice.

Join ISACA Belgium on June 24, 2026, at 17:30, and learn practical insights you can apply across the full outsourcing lifecycle.

Why attend

  • Get a clear view of what DORA Chapter V requires from financial institutions in plain language.
  • Understand how to design a third-party risk framework that is proactive, strategic, and legally anchored.
  • Learn what “good” looks like for pre-outsourcing risk analyses, contractual safeguards, and ongoing oversight.
  • Clarify expectations for audit rights, exit strategies, and managing subcontracting chains.
  • Understand notification obligations for ICT services supporting critical or important functions (CIFs), and the new EU oversight of critical third-party ICT service providers (CTPPs).

What participants will learn

  • Explain the key obligations under DORA Chapter V for managing third-party ICT risk.
  • Develop a strategy for the use of third-party ICT service providers.
  • Apply pre-outsourcing risk analysis to assess performance, security, and continuity risks.
  • Translate DORA expectations into contractual safeguards (including security provisions), audit rights, and exit strategies.
  • Maintain a current register of outsourcing arrangements and use it to support oversight.
  • Manage subcontracting chains and transparency across the entire lifecycle of contractual arrangements.
  • Distinguish CIFs under DORA and relate the concept to existing regulatory frameworks (e.g., BRRD, Solvency II, MiFID II).
  • Understand the direct supervision mechanism for CTPPs by European supervisory authorities.

Earn CPEs

Earn up to 1.5 CPEs (full attendance required).

Please note that if you do not attend the entire program or fail to complete the required process, no CPEs can be attributed. Applying for CPEs is the participant’s responsibility.

Price

This event is free. You can register through the blue button.

More information

For additional questions, contact us via our social media or contact ISACA Education Events Support at eb.acasi@noitacude

Speaker

Bastiaan Bruyndonckx
Partner

Date

Time

Costs

Free
Exempted From VAT article 44, §2 - 4° of the Belgian VAT Code

Location

Online

A Teams link will be provided to the attendees

Organizer

ISACA BE Education
eb.acasi@noitacude

Chapter V of the Digital Operational Resilience Act (DORA) focuses on ICT risks linked to third-party ICT service providers: cloud providers, software suppliers, and other technology partners.

As dependency grows, so do risks such as outages, cyberattacks, and service discontinuity.

In this session, Bastiaan Bruyndonckx (Partner at Lydian) breaks down the key obligations and what a robust third-party risk framework looks like in practice.

Join ISACA Belgium on June 24, 2026, at 17:30, and learn practical insights you can apply across the full outsourcing lifecycle.

Why attend

  • Get a clear view of what DORA Chapter V requires from financial institutions in plain language.
  • Understand how to design a third-party risk framework that is proactive, strategic, and legally anchored.
  • Learn what “good” looks like for pre-outsourcing risk analyses, contractual safeguards, and ongoing oversight.
  • Clarify expectations for audit rights, exit strategies, and managing subcontracting chains.
  • Understand notification obligations for ICT services supporting critical or important functions (CIFs), and the new EU oversight of critical third-party ICT service providers (CTPPs).

What participants will learn

  • Explain the key obligations under DORA Chapter V for managing third-party ICT risk.
  • Develop a strategy for the use of third-party ICT service providers.
  • Apply pre-outsourcing risk analysis to assess performance, security, and continuity risks.
  • Translate DORA expectations into contractual safeguards (including security provisions), audit rights, and exit strategies.
  • Maintain a current register of outsourcing arrangements and use it to support oversight.
  • Manage subcontracting chains and transparency across the entire lifecycle of contractual arrangements.
  • Distinguish CIFs under DORA and relate the concept to existing regulatory frameworks (e.g., BRRD, Solvency II, MiFID II).
  • Understand the direct supervision mechanism for CTPPs by European supervisory authorities.

Earn CPEs

Earn up to 1.5 CPEs (full attendance required).

Please note that if you do not attend the entire program or fail to complete the required process, no CPEs can be attributed. Applying for CPEs is the participant’s responsibility.

Price

This event is free. You can register through the blue button.

More information

For additional questions, contact us via our social media or contact ISACA Education Events Support at eb.acasi@noitacude

Speaker

Bastiaan Bruyndonckx
Partner
Register Now

Date

Time

Costs

Free

Location

Online

A Teams link will be provided to the attendees

Organizer

ISACA BE Education
eb.acasi@noitacude

We do our best with using as less posible cookies and tracking. By continuing to use this site, you acknowledge and accept our use of functional cookies. However, some external services require your permission to place cookies.

Accept All Accept Required Only