Register of information regulatory packages

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 2 min. de leitura

    • The Register of Information (RoI) is a regulatory reporting requirement under the Digital Operational Resilience Act (DORA) and is supported by the Digital Resilience Third-party Information Register application in the Vendor Management Workspace application.

    RoI overview

    The RoI is a structured data package that financial entities must submit to regulators to demonstrate compliance with DORA. It includes information about legal entities, third-party service providers, contracts, and functions.

    Starting with version 21.1.x, third-party assessors (sn_vdr_risk_asmt.vendor_assessor) can generate regulator-ready RoI packages using the Plain-CSV Report Package option on the download page. The ZIP file includes metadata and report folders structured to regulator specifications, with file names containing LEI, entity ID, and release version. This enhancement ensures EU DORA compliance and supports automated validation workflows. You can follow the guide provided in the Instructions section on the Download/Upload request page for step-by-step instructions and required permissions.

    Nota:
    You can use the Excel master template option to download a document to use for data preparation and internal review and the Plain-CSV reporting package option to download a document to use for regulator submission and compliance validation.

    The RoI framework is designed to align with DORA’s five pillars, particularly ICT third-party risk management and incident reporting. TPRM contributes third-party risk data that is included in RoI packages generated by Digital Operational Resilience capabilities. These RoI packages follow the European Banking Authority’s structure and validation requirements.

    Nota:
    RoI framework includes DPM business validation rules and additional configuration files such as report.json, reportPackage.json, and FrameworkCodeModuleVersion. These components enable third-party risk administrators (sn_vdr_risk_asmt.vendor_admin) to view and maintain validation logic and configuration settings for CSV reporting and automated validation workflows, ensuring consistency and compliance across regulatory submissions. TPR admins can access these properties by navigating to All > Digital Operational Resilience Management > Properties and can access DPM business validation rules by navigating to All > Digital Operational Resilience Management > DPM business validation rules.

    After validation completes, the system automatically notifies the request initiator by email and attaches the validation report when errors or warnings are detected.

    Currency conversion and aggregation

    During report generation, you can enable optional currency conversion and third‑party total expense aggregation. These options standardize or combine annual expense values in the reporting package. These options affect only the generated reporting package and do not modify source records in the digital resilience registers.

    For more information, see Currency conversion and third-party total expense aggregation.

    Digital Resilience Third-party Information Register support for RoI

    The Digital Resilience Third-party Information Register provides the following capabilities to support RoI compliance:

    • Data capture for entities, contracts, functions, and third parties
    • CSV report generation aligned with regulator specifications
    • ZIP packaging with metadata and report folders
    • Validation workflows for technical, schema, and business rule checks
    • Role-based access for managing RoI requests
    Nota:

    All RoI-related actions are performed in the Digital resilience third-party registers section of the Vendor Management Workspace. This workspace provides access to download/upload requests, validation tools, and master templates.

    For more information, see Generate a register of information package