Navigate / EASA
Ask question Discover more Add to collection

IS.D.OR.235 Contracting of information security management activities

Regulation (EU) 2022/1645

(a)     The organisation shall ensure that when contracting any part of the activities referred to in point IS.D.OR.200 to other organisations, the contracted activities comply with the requirements of this Regulation and the contracted organisation works under its oversight. The organisation shall ensure that the risks associated with the contracted activities are appropriately managed.

(b)     The organisation shall ensure that the competent authority can have access upon request to the contracted organisation to determine continued compliance with the applicable requirements laid down in this Regulation.
Details
Source-Title: IS.D.OR.235 Contracting of information security management activities
Erulesid: ERULES-1963177438-19916 Compare versions
Domain: Information Security (IS)
Applicabilitydate: 16 October 2025
Entryintoforcedate: 16 October 2022
Regulatorysource: Regulation (EU) 2022/1645 Navigate
Regulatorysubject: Part-IS.D.OR
Typeofcontent: DR (Delegated rule)
Origin: EASA
Category: EAR
Related sections: