The banks adhering to the service establish conditions for contracting, depending on the criticality or the importance of the function to be outsourced. Based on the rating obtained, the entity can check if the service meets the required conditions. And doing so it complies with the EBA regulations.
Only those reports signed by audit companies that have a valid approval from the CCI may be requested to register.
The suppliers, after their audit and with the detailed reports received from the auditing company, can request the CCI to register the results so that their cybersecurity rating is available to the association's member entities.
The audits are carried out taking as a reference the control framework that has been developed by LEET Security for the CCI.