EU | In Force | January 2025

TIBER-EU Service Provider Procurement Guidance

TIBER-EU: Guidance for Service Provider Procurement

European Central Bank (ECB)
Updated Jan 1, 2025
Version: January 2025

Abstract

Guidance issued under the TIBER-EU framework describing requirements, selection criteria, and governance considerations for procuring Threat Intelligence Providers (TIPs) and Red Team Testers (RTTs) when conducting intelligence-led red-team tests on live production systems in the financial sector.

Key Takeaways

  • Defines mandatory and recommended requirements for selecting Threat Intelligence Providers (TIPs) and Red Team Testers (RTTs) in TIBER-EU tests.
  • Emphasizes governance, risk management, confidentiality, and ethical standards when procuring testing providers.
  • Specifies competence, experience, staffing, and certification expectations for threat intelligence and red team personnel.
  • Provides detailed procurement considerations, due-diligence questions, and example contractual clauses to support safe and controlled testing.
  • Highlights the importance of realistic threat scenarios, collaboration between TIP and RTT, and strict handling of sensitive information.

Keywords

TIBER-EU, Red Team, Threat Intelligence Provider, RTT, TIP, TLPT, Operational Resilience, ECB Guidance, Financial Sector Cybersecurity
