tprm.mlab.sh tprm.mlab.sh
Overview
Features
Workflow
Pricing
Docs
Changelog
  Sign in
Changelog

What's new in tprm.mlab.sh

Stay up to date with the latest releases, improvements and fixes for the self-hosted DORA Third-Party Risk Management platform.

  What is TPRM?   Documentation   Pricing
v1.4.0 Latest
Jun 20, 2026
v1.3.0
Apr 28, 2026
v1.2.0
Mar 10, 2026
v1.1.0
Jan 22, 2026
v1.0.1
Dec 12, 2025
v1.0.0
Nov 18, 2025
v1.4.0
Latest
Full Register of Information conformance — all 15 EBA templates aligned to RF 4.0 and deposit-ready.
Jun 20, 2026

New

  • Entities within scope (B_01.02). Dedicated module to declare every in-scope entity with controlled entity-type (eba_CT:), country (eba_GA:), reporting (eba_RP:) and currency (eba_CU:) codes — the full 11 official columns.
  • List of branches (B_01.03). Record branches with their head-office LEI, name and country — completing the B_01 block.
  • Definitions (B_99.01). A definitions sheet feeding the template’s 19 columns, so the register exports its full taxonomy context.
  • Referential-integrity validation. A Validate button reports missing entity/LEI, absent or duplicate contract references and orphan keys before you build the package.
  • Per-template export. Download any single template as CSV (⬇ per row) alongside the full .zip deposit package.

Improved

  • All 15 templates realigned to RF 4.0. B_01.01, B_05.01, B_06.01 and B_07.01 had their columns re-mapped to the official positions; every typed field now uses controlled EBA vocabularies (eba_TA, eba_qCO, eba_GA, eba_CU, eba_ZZ, eba_CO, eba_BT, eba_RP, eba_CT).
  • Providers carry a real LEI and code type (qCO). The export now identifies providers by their LEI instead of an internal UUID across B_02.02, B_03.02, B_05.01, B_05.02 and B_07.01.
  • DORA contract specifics wired end-to-end (B_02.02). Notice period, governing law, provision & data-storage country, data locations and sensitivity/dependency flags are now captured and exported.
  • Exit-plan existence (B_07.01) is derived automatically from a recorded exit strategy.
  • The xBRL-CSV package sets decimalsMonetary precision and the official deposit naming, with per-template FilingIndicators.

Fixed

  • Business writes (providers, contracts, functions, assessments, entity-info) now surface SQL errors as HTTP 400 instead of a silent false « success ».
  • Quick status changes on an assessment no longer wipe the other fields.
  • Function ↔ provider linking (« Link Provider » returning « Not found ») and the Entity Info form not repopulating after reload are fixed.
  • Corrected B_03.x link-column codes (e.g. B_03.03 set to the official 0031) and several CSV header column counts.
v1.3.0
Subcontracting chains, function mapping and a sturdier register validator.
Apr 28, 2026

New

  • ICT supply chains (B_05.02). Map subcontractors per contract and provider with rank (direct / indirect), country and the 19 official eba_TA:S01S19 service-type codes.
  • Function ↔ provider mapping (B_06.01). Many-to-many links between business functions and providers, each carrying its contract and ICT service type.
  • Intra-group links (B_02.03). Chain client ↔ intra-group provider ↔ external TPP with contract-reference autocompletion.

Improved

  • Register validation now reports errors, warnings and infos per template, covering referential integrity, LEI/date/EBA-code formats, mandatory fields and uniqueness.
  • Faster aggregation across all 15 templates when building the deposit package.
v1.2.0
Concentration risk, exit strategies and richer analytics.
Mar 10, 2026

New

  • Concentration risk analysis. By category and geography, with doughnut/bar charts and risk thresholds (>50% high, >30% medium).
  • Exit strategies (Art. 30). Document, version and schedule tests of exit plans for critical ICT dependencies.
  • Advanced analytics dashboard. Compliance progress bars, top-risk providers and expiring-contract widgets.

Improved

  • Provider detail view consolidated into five tabs: Overview, Contracts, Assessments, Exit strategy, Incidents.
v1.1.0
Due diligence, audit tracking and the Article 30 checklist.
Jan 22, 2026

New

  • Due diligence (Art. 28(4)). Pre-contractual checklist with decision and risk summary.
  • Audit tracking (Art. 28(5-6)). Audit types, finding severity and corrective-action follow-up.
  • Article 30 checklist. Art. 30(2) clauses for every contract and Art. 30(3) clauses for critical/important functions.
v1.0.1
Reliability patches: SQL errors surfaced, export fixes, simple extract.
Dec 12, 2025

Fixed

  • All business writes (create / update) now surface SQL errors to the UI — no more silent false « success ».
  • Corrected several edge cases in the EBA CSV export (escaping, empty controlled-code fields, per-template downloads).
  • Added a simple extract path for quick, raw CSV pulls of the register.
v1.0.0
Initial release — DORA register, the 15 EBA templates and the xBRL-CSV deposit package.
Nov 18, 2025

Highlights

  • DORA register of information (Art. 28(3)). Consolidated view of every ICT third-party arrangement.
  • 15 EBA ITS templates (Reporting Framework 4.0) with controlled eba_* codes: B_01.01 … B_99.01.
  • Deposit-ready xBRL-CSV (.zip) package matching the official structure (META-INF/reportPackage.json, reports/report.json, parameters.csv, FilingIndicators.csv + 15 CSVs).
  • Provider, contract, risk-assessment and third-party incident management.
  • Self-hosted Rust / Actix-web stack with MySQL + ClickHouse, deployed via Docker Compose.