01
Collection of contracts for DORA
All contracts are classified by the client. The DORA-relevant contract documents are collected and stored in a structured form in a file. Internal input from the purchasing department and the specialist department is required here; we can provide support here on request.
02
analysis using an AI application
We import the documents and have them checked by an AI. We have previously trained this AI specifically to meet DORA requirements. The result is a report with the assignment to the two groups "compliant" and "non-compliant". Realistically, we assume that most of them are "non-compliant" because DORA was only introduced after the contract was signed and many contract components will therefore not be compliant.
03
proposal for changes
The AI assigns concrete suggestions for contract adjustments to the "non-compliant" contracts with specific reference to the deviations. The AI was specifically trained for this on the basis of DORA-compliant sample contracts. If no suitable templates are available in special cases, the adjustments are supplemented by experts.
04
Menschliche Kontrolle und Vertragsanpassungen
Since AI can also be wrong, the suggestions are checked by specialist staff before the adjustments are passed on. This can be done by the customer or by our specialist lawyers. The final delivery of the request for adjustments to the third-party service providers only takes place after this check. The further support of the change processes can be carried out by the customer or supported by us.
Check service provider contracts with AI for DORA compliance
Our process at a glance
I would be happy to work with Mr. Salvador and his team again on the next project. Thank you and all the best!
Andreas Freitag, BMW AG
My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security in accordance with TISAX® and can now win new automotive customers.
Gaps in our preparation and testing were closed promptly and high-quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.
Dr. Samir Kadunic, MAASU GmbH
When reviewing customer requirements in the area of TISAX®, the company urgently needed advice. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.
Opexa Advisory is the ideal partner due to its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.
Herbert Schmidt, Dennemeyer & Co. GmbH
What our customers say
Frequently asked questions about contract management services for DORA
What effort is estimated for manual processing?
The effort varies greatly from customer to customer and depends on the variety of services, the quality and scope of the contracts, the quality of the documentation and the availability of documents and specialists in the specialist department. To simplify matters, a total time expenditure of 10-15 hours can be assumed per contract. The total time expenditure for 50 contracts is therefore 500-750 hours. That sounds like a lot, but it includes: preparation and planning with identification of the contracts, scanning of contracts that are not yet available in electronic form, checking DORA relevance, contract review with identification of DORA-relevant clauses, preparation of adjustment proposals, implementation and follow-up with negotiations with third parties, finalization and signing, all of this with review by the legal department and with support from the specialist department.
How long does it take to review and derive adjustment proposals?
As part of a preliminary proof of concept with a sample of typical customer documents, the data and output quality is checked. Only then are all contracts read in, then the screening begins and the adjustment suggestions are developed. For 500 contracts, we assume a processing time of max. 2 days, including reading in, output of adjustment suggestions and the creation of reports.
Does Opexa also support the preparation of screening?
Yes, we can compile the documents on request, but we attach great importance to the fact that the specialist departments carry out a check for inconsistencies or correct content before starting the screening. Complete and good central data storage is not found everywhere. From experience, it is not always clear to an outsider whether the files are correct, up-to-date and complete. In addition, the contracts are often stored in scattered locations (specialist department, purchasing, controlling) or even have to be searched for in emails or even requested from the customer as a copy. These connections are not transparent to external parties.
Does Opexa also support other tasks in DORA supplier management?
Yes, we support customers in achieving DORA compliance. Among other things, we help coordinate with suppliers when making contract adjustments. We can also take on additional tasks for critical ICTD, as this involves managing the collection of cascading contracts across multiple supplier levels. Cooperation cannot be relied upon everywhere here.
The effort required for this cannot currently be estimated, but the same content requirements exist in the supply chain!
We can also offer ongoing contract review with AI for the accompanying screening of new contracts or modified contracts that were previously DORA-compliant.
Significant reduction in effort and costs
Drastic acceleration of the process
Relief of the internal teams, the specialist departments can focus on strategic tasks and negotiations
Transparent, simple billing based on an onboarding fee and the amount of documents, the costs scale with the number of contracts
Document scans can also be checked for content
Multilingual solutions are possible
AI services are provided within the EU legal area
Flexible implementation with specialized lawyers or the customer's lawyers
advantages of our service
Financial companies are facing a challenge: they have to ensure their own DORA compliance. In addition, the information register must be filled promptly and made available to BaFin in January. Day-to-day business must be managed anyway. Any support in the area of third-party service providers is therefore welcome and has clear advantages:
The new regulatory requirements of the Digital Operations Resilience Act (DORA) pose significant challenges for many financial companies. The required review of existing contracts with third-party ICT service providers and their adaptation to the DORA requirements in accordance with Art. 30 can be a significant effort and cost driver that is often underestimated. The key challenges are the large number of different contract contents, formats and possibly related contracts, addendums, SLAs or general terms and conditions in conjunction with the tight DORA time frame. This means that there are quickly several hundred documents that need to be reviewed and the necessary changes must be specifically identified. This means that there are many contracts and a lot of time spent with limited resources. What is the best way to solve this?
We have developed a way for fast and high-quality implementation: AI-supported contract analysis and suggestion system!
We help financial companies and third-party ICT service providers to make their contractual content with their customers DORA-compliant. We can also offer this as part of a permanent audit service, i.e. for changes to contracts or for reviewing new contracts.