Register of information regulatory packages

  • Release version: Australia
  • Updated May 15, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Register of information regulatory packages

    The Register of Information (RoI) is a mandatory regulatory reporting package under the Digital Operational Resilience Act (DORA) for financial entities. It captures structured data about legal entities, third-party service providers, contracts, and functions to demonstrate compliance. ServiceNow’s Digital Resilience Third-party Information Register application, within the Vendor Management Workspace, supports the creation, validation, and submission of these RoI packages.

    Show full answer Show less

    Key Features

    • RoI Package Generation: Third-party assessors can generate regulator-ready RoI packages in a ZIP file using the Plain-CSV Report Package option. These packages include metadata and report folders structured according to European Banking Authority specifications and contain identifiers such as LEI and entity ID.
    • Data Preparation Templates: Excel master templates are available for data preparation and internal review, while Plain-CSV packages are intended for regulator submission and compliance validation.
    • Validation Framework: The RoI framework integrates business validation rules and configuration files (e.g., report.json) to automate technical, schema, and business rule checks. Validation reports are automatically emailed to request initiators if errors or warnings occur.
    • Currency Conversion and Aggregation: Optional features allow standardization of currency and aggregation of third-party total expenses in reports without altering source data.
    • Legal Entity Identifier (LEI) Validation: Level 4 LEI validation is performed against the GLEIF database, with validation reports included in the consolidated package.
    • Role-Based Access Control: Role-specific permissions enable third-party risk administrators and assessors to manage RoI requests, validation logic, and configuration settings within the Vendor Management Workspace.

    Practical Use and Benefits

    ServiceNow customers can leverage the Digital Resilience Third-party Information Register to efficiently comply with DORA reporting obligations. The solution ensures regulatory alignment through structured data capture, automated validation, and standardized reporting formats, reducing manual effort and minimizing submission errors. By using built-in tools for currency conversion, aggregation, and LEI validation, customers can produce accurate, regulator-ready packages that support auditability and compliance transparency.

    All RoI-related activities—such as data management, report generation, validation, and submission—are consolidated within the Vendor Management Workspace to streamline workflows and maintain security through role-based access.

    The Register of Information (RoI) is a regulatory reporting requirement under the Digital Operational Resilience Act (DORA) and is supported by the Digital Resilience Third-party Information Register application in the Vendor Management Workspace application.

    RoI overview

    The RoI is a structured data package that financial entities must submit to regulators to demonstrate compliance with DORA. It includes information about legal entities, third-party service providers, contracts, and functions.

    Starting with version 21.1.x, third-party assessors (sn_vdr_risk_asmt.vendor_assessor) can generate regulator-ready RoI packages using the Plain-CSV Report Package option on the download page. The ZIP file includes metadata and report folders structured to regulator specifications, with file names containing LEI, entity ID, and release version. This enhancement ensures EU DORA compliance and supports automated validation workflows. You can follow the guide provided in the Instructions section on the Download/Upload request page for step-by-step instructions and required permissions.

    Note:
    You can use the Excel master template option to download a document to use for data preparation and internal review and the Plain-CSV reporting package option to download a document to use for regulator submission and compliance validation.

    The RoI framework is designed to align with DORA’s five pillars, particularly ICT third-party risk management and incident reporting. TPRM contributes third-party risk data that is included in RoI packages generated by Digital Operational Resilience capabilities. These RoI packages follow the European Banking Authority’s structure and validation requirements.

    Note:
    RoI framework includes DPM business validation rules and additional configuration files such as report.json, reportPackage.json, and FrameworkCodeModuleVersion. These components enable third-party risk administrators (sn_vdr_risk_asmt.vendor_admin) to view and maintain validation logic and configuration settings for CSV reporting and automated validation workflows, ensuring consistency and compliance across regulatory submissions. TPR admins can access these properties by navigating to All > Digital Operational Resilience Management > Properties and can access DPM business validation rules by navigating to All > Digital Operational Resilience Management > DPM business validation rules.

    After validation completes, the system automatically notifies the request initiator by email and attaches the validation report when errors or warnings are detected.

    Currency conversion and aggregation

    During report generation, you can enable optional currency conversion and third‑party total expense aggregation. These options standardize or combine annual expense values in the reporting package. These options affect only the generated reporting package and do not modify source records in the digital resilience registers.

    For more information, see Currency conversion and third-party total expense aggregation.

    Digital Resilience Third-party Information Register support for RoI

    The Digital Resilience Third-party Information Register provides the following capabilities to support RoI compliance:

    • Data capture for entities, contracts, functions, and third parties
    • CSV report generation aligned with regulator specifications
    • ZIP packaging with metadata and report folders
    • Validation workflows for technical, schema, and business rule checks
    • Role-based access for managing RoI requests
    Note:

    All RoI-related actions are performed in the Digital resilience third-party registers section of the Vendor Management Workspace. This workspace provides access to download/upload requests, validation tools, and master templates.

    For more information, see Generate a register of information package