Validation framework for Register of Information in Operational Resilience

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Validation framework for Register of Information in Operational Resilience

    The validation framework for the Digital Resilience Third-party Information Register (RoI) application ensures that RoI packages comply with the Digital Operational Resilience Act (DORA) regulatory requirements. It performs automatic, real-time validation of uploaded RoI CSV packages, checking structural, formatting, and data integrity aspects to support operational resilience compliance.

    Show full answer Show less

    Key Features

    • Three-level validation system:
      • Level 1 (Technical checks): Validates file encoding, structure, and naming conventions with 29 rules.
      • Level 2 (Template and schema checks): Ensures alignment with templates and schema using 12 rules.
      • Level 3 (Business rules): Applies 70 rules verifying regulatory logic and field dependencies.
    • Automatic validation on upload: Validation initiates immediately when ZIP packages are uploaded via Excel download/upload requests, removing the need for separate validation steps.
    • Validation report generation: If errors or warnings are found, a detailed downloadable report is provided with mappings to regulator fields, rule descriptions, field labels, and row-level error summaries.
    • Automated notifications: Users who upload or download RoI packages receive email alerts with validation outcomes and attached reports or CSV packages to facilitate timely follow-up.
    • Support for error resolution: Downloadable Excel templates mirror the CSV structure to help users identify and fix data issues efficiently.
    • Role-based access: Operational Resilience administrators and managers have permission to perform validation tasks and maintain validation configurations.

    Validation Process Details

    • File-level checks: Confirm correct encoding, naming, and file structure.
    • Template-level checks: Ensure required templates are present and formatted properly.
    • Field-level checks: Apply specific rule expressions to validate data completeness, formats, and references.
    • Error handling: Even malformed data triggers meaningful error messages to assist troubleshooting.

    Troubleshooting Common Validation Issues

    • No validation report generated: Occurs when no errors or warnings are found; only the CSV package is returned.
    • Missing required fields: Identify affected rows and columns in the validation report, then update source data accordingly.
    • Rule expression failures: Review rule descriptions and correct data errors such as invalid LEIs, empty currency fields, or missing references.
    • Invalid LEI values: Only LEIs validated against the GLEIF database are accepted; errors must be corrected in the source record or template.
    • Incorrect use of “Not applicable” values: Replace or remove unsupported “Not applicable” entries per field definitions.
    • Difficulty interpreting reports: Use downloadable templates to cross-reference validation errors with specific records and fields.
    • File size or encoding issues: Ensure ZIP files are under 5 MB and use UTF-8 encoding before upload.

    Practical Benefits for ServiceNow Customers

    This validation framework enables ServiceNow customers to efficiently verify compliance of their RoI data packages with DORA requirements through automated, transparent, and actionable validation processes. It streamlines error detection and correction, supports regulatory reporting accuracy, and enhances operational resilience management by providing meaningful feedback and notifications directly within the ServiceNow platform.

    The validation framework helps to verify that RoI packages meet regulatory requirements defined by the DORA.

    Validation overview

    The validation framework for the Digital Resilience Third-party Information Register application ensures that downloaded RoI packages comply with the structural, formatting, and data integrity requirements defined by the DORA. It supports a real-time, three-level validation system that automatically checks for technical accuracy, regulatory alignment, and business rule compliance during the upload process.

    • Level 1 (Technical checks): 29 rules validating file encoding, structure, and naming.
    • Level 2 (Data package mode technical checks): 12 rules ensuring template and schema alignment.
    • Level 3 (Data package model business rules): 70 rules verifying regulatory logic and field dependencies.
    Note:
    The Data Package Model is used to structure and validate RoI packages.

    The DPM business validation rules and report.json, reportPackage.json, FrameworkCodeModuleVersion properties enable Third-party risk admins [sn_vdr_risk_asmt.vendor_admin] to view and maintain validation logic and configuration settings for CSV reporting and automated validation. Third-party risk admins can access these properties by navigating to All > Digital Operational Resilience Management and then selecting Properties or DPM Business Validation Rules.

    Validation process

    Validation is now performed automatically during the upload of RoI CSV files. As soon as the ZIP package is uploaded via an Excel download/upload request, the system initiates real-time validation without requiring a separate request type. The system performs checks across multiple dimensions:

    • File-level validation: Ensures correct encoding, naming conventions, and file structure.
    • Template-level validation: Verifies that required templates are present and formatted correctly.
    • Field-level validation: Applies rule expressions to check for missing values, incorrect formats, and invalid references.

    Validation results are returned in a downloadable report that includes:

    • Mappings to regulator fields such as Template Code, Row Code, and Column Code.
    • Rule expressions and descriptions.
    • Real-world field labels and record identifiers.
    • Row-level error summaries.

    Operational Resilience managers (sn_oper_res.manager) can validate downloaded RoI packages using the same Plain-CSV Report Package option. After a validation report is generated for a Register of Information (RoI) package, the system automatically sends an email notification to whoever initiated the download or upload request. This email alerts the user that the process has completed and provides access to the results. If validation warnings are detected, both the validation report and the CSV package are attached to the request record. If no issues are found, only the CSV package is included. This automated notification ensures timely awareness and facilitates efficient follow-up actions for compliance and data correction workflows.

    To assist with error resolution, users can cross-reference the validation report with downloadable templates that mirror the CSV structure. These templates help identify the location and context of each issue, making it easier to correct data in the ServiceNow instance or source system. Validation reports are only generated when errors or warnings are detected. If no issues are found, only the CSV package is returned.

    To improve troubleshooting, the system maps rule expressions to real-world field labels and record identifiers. Even when malformed data is uploaded, the validation API returns meaningful error messages to help users identify and resolve issues efficiently.

    Excel templates are available for download from the Download/Upload Request page. These templates mirror the expected CSV structure and provide field definitions, formats, and sample values to assist with validation and error resolution.

    Important:
    The Operational Resilience administrators (sn_oper_res.admin) and managers (sn_oper_res.managers) can perform the validation tasks.

    Common validation issues

    Refer to the following guidance to troubleshoot common validation issues when submitting RoI packages.

    • Validation report is missing: The uploaded package contains no errors or warnings. Check the Result section of the request. If no issues are found, only the CSV package is returned and no validation report is generated.
    • Missing required fields: One or more required fields are empty or incorrectly formatted. Open the validation report and locate the affected row and column. Use the template to identify the correct field name and expected format. Update the record in the ServiceNow instance or source system and revalidate.
    • Rule expression failures:

      The data violates one or more business rules defined in the validation framework. Review the rule expression and description in the validation report. Use the record identifier to locate the affected record and correct the data. Common issues include invalid LEI formats, empty currency fields, or missing contract references.

    • Invalid use of “Not applicable” values: These values are used in fields that don’t support them. Check the field definition in the template. Replace “Not applicable” with a valid value or remove it if the field is required. Revalidate the updated package.
    • Validation report is difficult to interpret: The report lacks context or field labels are unclear. Download the template and use it to cross-reference the row number, sheet name, and record identifier. This helps locate the affected record and understand the validation error in context.
    • File size or encoding issues: The uploaded ZIP file exceeds the 5 MB limit or uses unsupported encoding. Compress the file to meet the size requirement and ensure all CSV files use UTF-8 encoding. Re-upload the corrected package.

    For more information, see Validate the Register of Information packages.