DORA Chapter V Decoded: Building a Bulletproof Third-Party Risk Framework

Chapter V of the Digital Operational Resilience Act (DORA) focuses on ICT risks linked to third-party ICT service providers: cloud providers, software suppliers, and other technology partners.

As dependency grows, so do risks such as outages, cyberattacks, and service discontinuity.

In this session, Bastiaan Bruyndonckx (Partner at Lydian) breaks down the key obligations and what a robust third-party risk framework looks like in practice.

Join ISACA Belgium on June 24, 2026, at 17:30, and learn practical insights you can apply across the full outsourcing lifecycle.

Why attend

• Get a clear view of what DORA Chapter V requires from financial institutions in plain language.
• Understand how to design a third-party risk framework that is proactive, strategic, and legally anchored.
• Learn what “good” looks like for pre-outsourcing risk analyses, contractual safeguards, and ongoing oversight.
• Clarify expectations for audit rights, exit strategies, and managing subcontracting chains.
• Understand notification obligations for ICT services supporting critical or important functions (CIFs), and the new EU oversight of critical third-party ICT service providers (CTPPs).

The teams link for the session will be provided the day before the event.

For any additional questions, contact us via our social media or ISACA Education Support at education@isaca.be