Eigen Networks·Finance & Banking
Back to overview
DORA Compliance·ICT Risk & Third-Party·Certified

ICT Third-Party Vendor Assessor

Regulatory anchor: DORA Art. 28 / 29 / 30

Pulls a third-party vendor through the DORA assessment workflow. Classifies criticality (Art. 28), scores concentration risk (Art. 29), reviews exit plans (Art. 30), flags sovereignty concerns against BSI-Grundschutz, and produces a GO / CAUTION / PIVOT recommendation. Every finding carries its regulatory citation so the compliance team can defend the verdict in the next audit.

Agent topology

3 levels · 5 agents
Vendor Assessment LeadAgentgemma-3-4b-it

Decomposes the vendor assessment into regulatory + operational tracks, sequences the sub-leads, and produces the final recommendation with citations.

Regulatory Compliance LeadAgentgemma-3-4b-it

Owns DORA Art. 28 and Art. 29 evaluation. Sequences the criticality and concentration analysts and forwards a structured finding.

Criticality ClassifierAgentqwen-2.5-7b

Reads the vendor profile + bank's process-impact map. Decides DORA Art. 28 criticality (critical / important / supporting).

compliance.vendor_assess
Concentration AnalystAgentqwen-2.5-7b

Counts other critical processes on this vendor / parent group. Scores concentration risk per DORA Art. 29.

compliance.concentration_check
Operational Resilience LeadAgentgemma-3-4b-it

Owns DORA Art. 30 and the data-sovereignty review. Sequences the exit-plan reviewer and the sovereignty auditor.

Exit Plan ReviewerAgentphi-4-mini

Checks whether a documented + tested exit / substitutability plan exists per DORA Art. 30. Flags missing or stale artefacts.

Sovereignty AuditorAgentphi-4-mini

Cross-checks data-residency, sub-processor list and encryption against BSI-Grundschutz baseline and DSGVO Art. 28.

Citation ComposerAgentphi-4-mini

Builds the citation pack — exact article, paragraph, one-sentence quote — for every finding from both leads. Makes the assessment audit-ready.

compliance.citations_lookup