Building a DORA Register of Information that survives a supervisor

Of all DORA's requirements, the Register of Information is one of the most tangible: a structured record of your ICT third-party arrangements that supervisory authorities can ask for — and expect to be accurate.

What the Register is

The Register of Information is a maintained inventory of your contractual arrangements for the use of ICT services provided by third-party providers. It ties together your suppliers, the functions they support, and the nature of each arrangement — particularly which support critical or important functions.

It is not a one-off questionnaire. It's a living record that should reflect reality at any point a supervisor asks for it.

What tends to go wrong

Most organisations start in a spreadsheet. That works until:

• A supplier changes and the sheet doesn't
• Two teams keep two versions
• A function gets reclassified and nothing downstream updates
• Audit asks for evidence the sheet only summarises

The Register fails not because the data is hard, but because keeping it synchronised by hand is hard.

What good looks like

A durable Register treats each entry as connected data, not a row:

• Suppliers linked to the functions they support
• Each function classified (critical/important vs other), with the rationale recorded
• The relevant Article 30 provisions tracked per arrangement
• Changes captured with an audit trail, so history is provable
• One-click export in the expected structure for the authority

Make it a by-product, not a project

The most reliable Registers aren't maintained as a separate task — they're a by-product of how you already manage suppliers and critical-function declarations. When updating a supplier or a classification automatically updates the Register, drift disappears.

That's the approach ResiliencePilot takes: the Register of Information is generated from your supplier arrangements and critical-function declarations, kept audit-ready and exportable. See the DORA solution for the full picture.