DORA ICT Third-Party Risk Management Playbook for EU Transport Operators
64 professional files (6 PDFs + 58 Excel workbooks) | 349+ spreadsheet tabs | 2,730+ rows of structured content | 11 organised folders
The Digital Operational Resilience Act sets a single, demanding bar for operational resilience across EU financial entities and their ICT providers. Governance, risk management, incident reporting, resilience testing, and third-party oversight all have to be demonstrably in place. Regulators are active, timelines are tight, and evidence expectations are explicit. A structured implementation programme is the only realistic way to close gaps on time.
WHAT YOU GET: A THREE-PHASE JOURNEY
Phase 1: Diagnose. Seven domain assessments (30 questions each, 210 total) score your maturity across Critical Function Identification, Risk Assessment Methodology, Due Diligence and Vendor Selection, and related areas. You can complete the Quick Scan diagnostic in under an hour and know exactly where the biggest gaps and opportunities sit.
Phase 2: Set Goals. Five PM template workbooks with roadmaps, RACI matrices, milestone trackers, risk registers, and stakeholder communication plans. These lock in scope, timeline, and accountability before a single line of implementation work starts, which is consistently where programmes succeed or stall.
Phase 3: Implement. Nine operational runbooks and checklists covering deployment, incident response, vendor and third-party handling, and governance reviews. Every runbook is built to be followed by a working team, not read and filed. Pro tips, example rows, and common-mistake callouts give you the benefit of hard-won practitioner experience from the first day.
7 DOMAIN ASSESSMENTS (210 QUESTIONS)
• Critical Function Identification
• Risk Assessment Methodology
• Due Diligence and Vendor Selection
• Contractual Compliance
• Ongoing Monitoring Framework
• Incident Response and Reporting
• Resilience Testing and Crisis Management
9 OPERATIONAL RUNBOOKS
• Board Report Template for Third Party Risk
• CISO Monthly Third Party Risk Review Guide
• Contract Renewal Review Checklist
• Critical Function Disruption Response Checklist
• ICT Security Domains Integration Checklist
• Resilience Testing Coordination Playbook
• Subcontractor Oversight Lifecycle Checklist
• Third Party Incident Handoff Protocol
• Third Party Onboarding Runbook
The full kit also includes a practitioner-grade library of PM forms spanning all five PMBOK process groups, KPI dashboards, risk and compliance registers, and reference cards. Every template comes pre-populated with domain-specific example data so your team can start editing, not staring at blank rows. You get a consistent operating system across diagnostic, planning, delivery, and sustainment, which is how mature programmes compound improvement year over year.
WHO THIS IS FOR: Financial services CIOs, CISOs, operational resilience officers, and ICT third-party risk teams.
Aligned with DORA.
Instant download. Start your first assessment within the hour.
Source: Best Practices in Vendor Management Excel: DORA ICT Third-Party Risk Management for EU Transport Playbook Excel (XLSX) Spreadsheet, Gerard Blokdijk