The Digital Operational Resilience Act (DORA) sets new European standards – also applied in the UK as UK Dora - for so called Financial Entities, meaning companies doing business in the financial sector (named “Financial Entities”). These Financial Entities are subject to DORA and the DORA government public authorities that apply DORA to them.
For Leaseweb Customers that are qualified as Financial Entity, here are Customer DORA Questionnaires and Customer Frequently Asked Questions, so that the Customer who is a Financial Entity can fill out their own Customer DORA
Questionnaires:
-
Leaseweb supports the Customer to use this example DORA Customer Questionnaire to fill out the Customer owned Questionnaires.
-
Leaseweb supports the Customer to use the Leaseweb Policies, Chapter F, to comply with DORA contractual terms laid down in the Leaseweb DORA Addendum as part of the Policies at the Leaseweb website at: Legal & Compliance – Sales Contract
In DORA reference is made to subcontractors and suppliers, also called ICT third party service providers —including IaaS providers like Leaseweb (ICT TPP). Leaseweb is a third party ICT service provider to a Customer that is a Financial Entity.
Below, you can find answers to common questions about DORA Questionnaires for the Customer who is a Financial Entity to use for its own DORA Questionnaire. Also information is provided to be used by the Customer as Financial Entity for Leaseweb’s role as ICT third party provider.
The Customer who is a Financial Entity may consider Leaseweb a critical ICT third party provider. However, Leaseweb is not an (ESA) designated critical ICT TPP. Also, Leaseweb is not a Financial Entity. Leaseweb does not issue registered LEI codes.
Leaseweb also explains how the Leaseweb services help the Financial Entity to stay secure, scalable, and regulation-ready.
-
What is the Digital Operational Resilience Act (DORA)?
DORA is an EU regulation designed to strengthen the digital resilience of financial institutions and their critical service providers, including IaaS providers like Leaseweb. DORA requires a Financial Entity to manage ICT risks, ensure operational continuity, and report incidents effectively.
-
Why is DORA relevant for a Financial Entity using cloud services?
A Financial Entity has to administer and (contractually) manage their ICT third party providers, including cloud and infrastructure providers. The Financial Entity needs to comply with DORA by means of DORA meeting DORA requirements. This includes security controls, risk management, business continuity, and incident reporting also contractually with ICT third party providers.
-
Is Leaseweb subject to DORA?
No, Leaseweb is not (directly) subject to DORA as Leaseweb is not a Financial Entity and is not subject to a DORA authority. Leaseweb’ s Customers as Financial Entity are subject to DORA and need Leaseweb's support to demonstrate their Financial Entity Customer compliance. Leaseweb is a ICT-third-party service provider (ICTTPP) under DORA, as non- designated critical services supplier.
-
What contractual terms does Leaseweb offer to help a Financial Entity to comply with DORA?
In the Leaseweb B2B Sales Contract Schedules, the Leaseweb Policies are applicable including Chapter F that has been added with DORA Addendum terms. This means that the DORA Addendum terms are already included in our Sales Contract by means of these binding Policies applicable to the Customer. Therefore the Dora Addendum terms are already in place for Leaseweb Customers that are subject to DORA as Financial Entity. -
Does Leaseweb have direct access to customer data?
No, Leaseweb does not have direct access to content that include Customer Data. Leaseweb provides (unmanaged) IaaS to its customers in its role as DORA ICT third party provider.
-
Where does Leaseweb provide storage services / what locations?
See the below table for an overview of where the Leaseweb Sales Entity has storage services.
|
Leaseweb Sales Entity |
Data location |
|
Leaseweb Netherlands B.V. |
The Netherlands |
|
Leaseweb Deutschland GmbH |
Germany |
|
Leasewb UK LTD. |
United Kingdom |
-
Does Leaseweb utilize subcontractors to provide its IAAS services?
Yes, Leaseweb uses local datacenter subcontractors in the form of data center providers
|
Leaseweb sales entity |
Subcontractor |
|
Leaseweb Netherlands B.V. |
Iron Mountain datacenter Maincubes datacenter |
|
Leaseweb Deutschland GmbH |
Iron Mountain datacenter NTT Global datacenters |
|
Leasewb UK LTD. |
Iron Mountain datacenter Atlas Edge datacenter |
-
Does Leaseweb perform frequent internal audits?
Yes, as evidenced Leaseweb is holding per Leaseweb Sales Entity its ISO 27001 certifications.