Validation framework for Register of Information

  • Release version: Australia
  • Updated May 15, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Validation framework for Register of Information

    The Validation framework for the Digital Resilience Third-party Information Register (RoI) ensures that RoI packages comply with the Digital Operational Resilience Act (DORA) regulatory requirements. It performs real-time, multi-level validation during the upload of RoI packages, checking technical accuracy, regulatory alignment, and business rule compliance to maintain data integrity and structural correctness.

    Show full answer Show less

    Validation Levels and Process

    • Level 1 (Technical checks): Validates file encoding, naming, and structure through 29 specific rules.
    • Level 2 (Template checks): Ensures alignment with templates and schema using 12 rules.
    • Level 3 (Business rules): Applies 70 rules verifying regulatory logic and field dependencies within the data package model.
    • Level 4 (LEI validation): Batch validates Legal Entity Identifier codes against the GLEIF database, confirming entity status and consistency, with results provided in a downloadable report.

    Validation is automatically triggered upon uploading RoI Plain-CSV ZIP packages, with the system running checks across file-level, template-level, and field-level criteria. Validation results are returned in detailed downloadable reports highlighting errors, warnings, and mappings to regulatory fields.

    Role-Based Access and Configuration

    Third-party risk administrators with the TPR admin role can manage validation logic and view configuration settings through the Digital Operational Resilience Management interface. They also access properties related to CSV reporting and can maintain validation rules to ensure ongoing compliance.

    Validation Results and Notifications

    After validation, an automated email notification is sent to the user who initiated the upload or download request, providing access to validation results. If issues are detected, both the validation report and CSV package are attached to the request record. If no issues are found, only the CSV package is returned.

    The validation reports help identify structural and business-rule issues based on DORA specifications but do not replace supervisory authority determinations. Users can utilize master Excel templates, which mirror the CSV structure, to cross-reference errors and facilitate corrections.

    Common Validation Issues and Troubleshooting

    • Missing validation report: Indicates no errors or warnings; only the CSV package is returned.
    • Missing required fields: Empty or incorrectly formatted fields that must be corrected using the master template guidance.
    • Rule expression failures: Violations of business rules, often involving invalid LEI formats, empty currency fields, or missing contract references.
    • Invalid "Not applicable" values: Used incorrectly in fields; must be replaced or removed according to field definitions.
    • Report interpretation challenges: Use the master template to map error details to real-world field labels and records.
    • File size or encoding issues: ZIP files must be under 5 MB and use UTF-8 encoding; otherwise, reformat and re-upload.

    Practical Use for ServiceNow Customers

    This validation framework enables ServiceNow customers managing third-party risk to efficiently ensure that their Register of Information data packages satisfy DORA compliance requirements. The structured multi-level checks and automated reporting streamline error detection and correction, reducing manual effort and enhancing data quality for regulatory submissions. Role-based access ensures that only authorized administrators perform validation tasks, maintaining security and governance standards.

    The validation framework helps ensure that RoI packages meet regulatory requirements defined by the DORA.

    Validation overview

    The validation framework for the Digital Resilience Third-party Information Register application helps ensure that downloaded RoI packages comply with the structural, formatting, and data integrity requirements defined by the DORA. It supports a real-time, three-level validation system that automatically checks for technical accuracy, regulatory alignment, and business rule compliance during the upload process.

    • Level 1 (Technical checks): 29 rules validating file encoding, structure, and naming.
    • Level 2 (Data package mode technical checks): 12 rules ensuring template and schema alignment.
    • Level 3 (Data package model business rules): 70 rules verifying regulatory logic and field dependencies.
    Note:
    The Data Package Model is used to structure and validate RoI packages.

    The DPM business validation rules and report.json, reportPackage.json, FrameworkCodeModuleVersion properties enable Third-party risk admins [sn_vdr_risk_asmt.vendor_admin] to view and maintain validation logic and configuration settings for CSV reporting and automated validation. Third-party risk admins can access these properties by navigating to All > Digital Operational Resilience Management and then selecting Properties or DPM Business Validation Rules.

    Validation process

    Validation is performed automatically when a Register of Information (RoI)Plain-CSV reporting package is uploaded. As soon as the ZIP package is uploaded using a download/upload request, the system initiates real-time validation without requiring a separate request type. The system performs checks across multiple dimensions:

    • File-level validation: Ensures correct encoding, naming conventions, and file structure.
    • Template-level validation: Verifies that required templates are present and formatted correctly.
    • Field-level validation: Applies rule expressions to check for missing values, incorrect formats, and invalid references.

    Validation results are returned in a downloadable report that includes:

    • Mappings to regulator fields such as Template Code, Row Code, and Column Code.
    • Rule expressions and descriptions.
    • Real-world field labels and record identifiers.
    • Row-level error summaries.

    Third-party risk managers (sn_vdr_risk_asmt.vendor_manager) can review downloaded RoI packages using the same Plain-CSV Report Package option. After a validation report is generated for a Register of Information (RoI) package, the system automatically sends an email notification to whoever initiated the download or upload request. This email alerts the user that the process has been completed and provides access to the results. If validation warnings are detected, both the validation report and the CSV package are attached to the request record. If no issues are found, only the CSV package is included. This automated notification ensures timely awareness and facilitates efficient follow-up actions for compliance and data correction workflows.

    Validation checks help identify structural and business‑rule issues based on DORA‑aligned specifications. Validation results do not represent a regulatory determination, and supervisory authorities may apply additional or updated checks when reviewing submitted data.

    To assist with error resolution, you can cross-reference the validation report with downloadable master templates that mirror the CSV structure. These templates help identify the location and context of each issue, making it easier to correct data in the ServiceNow instance or source system. Validation reports are only generated when errors or warnings are detected. If no issues are found, only the CSV package is returned.

    To improve troubleshooting, the system maps rule expressions to real-world field labels and record identifiers. Even when malformed data is uploaded, the validation API returns meaningful error messages to help you identify and resolve issues efficiently.

    Excel master templates are available for download from the Download/Upload Request page. These templates mirror the expected CSV structure and provide field definitions, formats, and sample values to assist with validation and error resolution.

    Important:
    Only users with the TPR admin [sn_vdr_risk_asmt.vendor_risk_admin] role can perform validation tasks.

    Common validation issues

    Refer to the following guidance to troubleshoot common validation issues when submitting RoI packages.

    • Validation report is missing: The uploaded package contains no errors or warnings. Check the Result section of the request. If no issues are found, only the CSV package is returned and no validation report is generated.
    • Missing required fields: One or more required fields are empty or incorrectly formatted. Open the validation report and locate the affected row and column. Use the master template to identify the correct field name and expected format. Update the record in the ServiceNow instance or source system and revalidate.
    • Rule expression failures: The data violates one or more business rules defined in the validation framework. Review the rule expression and description in the validation report. Use the record identifier to locate the affected record and correct the data. Common issues include invalid LEI formats, empty currency fields, or missing contract references.
    • Invalid use of “Not applicable” values: These values are used in fields that don’t support them. Check the field definition in the master template. Replace “Not applicable” with a valid value or remove it if the field is required. Revalidate the updated package.
    • Validation report is difficult to interpret: The report lacks context or field labels are unclear. Download the master template and use it to cross-reference the row number, sheet name, and record identifier. This helps locate the affected record and understand the validation error in context.
    • File size or encoding issues: The uploaded ZIP file exceeds the 5-MB limit or uses unsupported encoding. Compress the file to meet the size requirement and verify all CSV files use UTF-8 encoding. Re-upload the corrected package.