tprm.mlab.sh tprm.mlab.sh
Overview
Features
Workflow
Pricing
Docs
Changelog
  Sign in
Capabilities

Everything DORA requires, nothing you don't.

Every module maps to a DORA article and an EBA ITS template. No generic vendor-risk bloat — just the features that produce a register you can defend.

Dashboard

Your third-party ecosystem at a glance

Real-time statistics

Total providers, critical providers, assessments in progress and open incidents — live.

Criticality & risk views

Provider distribution by criticality, plus risk-score distribution with the average score.

Expiring contracts

Contracts reaching their term within 90 days, surfaced in a single table.

Recent incidents

Latest third-party incidents with severity and status.

Recent activity

A log of the latest user actions across the platform.

Quick access

Direct links to every module — providers, assessments, contracts, risk, exits, register and analytics.

Providers & contracts

The register's backbone

Providers

The central register of every ICT third-party. Full identification — LEI and identifier-code type, person type, head-office country, ultimate parent — with a 5-tab detail view (overview, contracts, assessments, exit strategy, incidents).

B_05.01
Contracts

Contractual arrangements with mandatory contract reference, arrangement type, dates, currency, annual cost and DORA-specific fields (notice periods, applicable law, data storage, sensitivity, dependency). Feeds the contract templates directly.

B_02.x B_03.x B_04.01
Subcontracting

Map ICT supply chains: subcontractor name, LEI and country, rank in the chain (direct vs indirect), one of 19 official ICT service-type codes and the data-processing country.

B_05.02 Licensed
Due diligence

Pre-contractual assessment of ICT providers — checklist (critical-function support, supervision, concentration, conflicts, suitability, security, continuity, exit), findings, risk summary and a decision (approved / rejected / conditional).

Art. 28(4) Licensed
Risk management

Score, monitor, audit

Risk assessments

Overall risk score (1–100) plus per-category scores (operational, security, compliance, financial, concentration), review dates, history and the DORA ICT-service assessment (substitutability, reintegration, discontinuity impact, alternatives).

B_07.01
Concentration risk

Concentration analysis by category (doughnut + table) and by geography (bar + table), with risk thresholds: >50% high, >30% medium, <30% low.

Licensed
Audit tracking

Track audit rights and completed audits — type (standard, on-site, remote, third-party, certification), status, finding severity, corrective actions, scope and recommendations.

Art. 28(5-6) Licensed
DORA compliance

The register, end to end

Business functions

Critical/important functions supported by ICT providers, with licensed-activity code, RTO/RPO, discontinuity impact and many-to-many function↔provider mapping.

B_06.01 Licensed
Article 30 checklist

Contractual-clause verification: the Art. 30(2) clauses required for all contracts and the Art. 30(3) clauses required for critical/important functions.

Art. 30 Licensed
DORA register

The consolidated register of information over all ICT contractual arrangements — aggregated criticality, status, last assessment, risk score, contract status and exit-plan existence, with CSV export and print.

Art. 28(3) Licensed
EBA export — 15 templates

Generate all 15 EBA ITS templates (Reporting Framework 4.0) with controlled eba_* codes, per-template preview, CSV downloads, integrity validation and the deposit-ready xBRL-CSV .zip package.

ITS 4.0 Licensed
Entity info

Identify the reporting financial entity: LEI, name, country, entity type (22 official codes), competent authority and register reference date.

B_01.01 Licensed
Scope entities

Group entities covered by the register: LEI, name, country, entity type (24 codes), group hierarchy, direct-parent LEI, register dates and total-asset value.

B_01.02 Licensed
Branches

List of branches of the in-scope financial entities — branch identification code, head-office LEI, name and country.

B_01.03 Licensed
Intragroup links

Chain intragroup contractual arrangements (intragroup client↔provider↔external TPP) with contract-reference autocompletion.

B_02.03 Licensed
Register definitions

Your entity's internal definitions for the 19 coded register options (data sensitivity, substitutability, reintegration, discontinuity impact…).

B_99.01 Licensed
Exit strategies

Document exit strategies for critical ICT dependencies — plan title and content, status (draft / active / tested), versioning, last-test and next-test dates.

Art. 30 Licensed
EBA ITS · Reporting Framework 4.0

The 15 templates we generate

Every module feeds the register. tprm.mlab.sh aggregates your data into the complete set of EBA ITS templates with controlled eba_* codes.

B_01.01 B_01.02 B_01.03 B_02.01 B_02.02 B_02.03 B_03.01 B_03.02 B_03.03 B_04.01 B_05.01 B_05.02 B_06.01 B_07.01 B_99.01
Template Official title
B_01.01Entity maintaining the register of information
B_01.02List of entities within the scope of the register
B_01.03List of branches
B_02.01Contractual arrangements – General information
B_02.02Contractual arrangements – Specific information
B_02.03List of intra-group contractual arrangements
B_03.01Entities signing for receiving ICT services
B_03.02ICT third-party service providers signing the arrangements
B_03.03Entities signing for providing ICT services (intra-scope)
B_04.01Entities making use of the ICT services
B_05.01ICT third-party service providers
B_05.02ICT service supply chains
B_06.01Functions identification
B_07.01Assessment of the ICT services
B_99.01Definitions
Incidents & analytics

Track what breaks, measure what matters

Third-party incidents

Report and track incidents involving providers — severity, status (open / investigating / resolved / closed), impact description, resolution and lessons learned, with automatic provider linkage.

Pillar IV
Analytics

An advanced analytics dashboard: providers by criticality, assessment-status and risk-score distributions, incidents over time, compliance progress bars, top-risk providers and soon-to-expire contracts.

Licensed
Organization & settings

Run it your way

Team

List organization members, invite new users by email and remove members.

Roles & permissions

Role-based access control with a 12-bit permission set — team, providers, assessments, contracts, exits, incidents, risk dashboard, analytics, settings and register/compliance.

RBAC 12-bit
API keys

Create API keys (mlab_ prefix) with a descriptive note and revoke them. Free is read-only (GET); Licensed gets full CRUD.

License

See your current tier and limits, providers and users used vs. maximum, and the features available on your tier.

Account settings

Update your name, change your password and upload an avatar (JPG, PNG, GIF, WebP — 5 MB max).

Authentication & API

Email/password login, email verification by security code, token-based password reset, secure HTTP-only cookie sessions and token API auth (Authorization: token <api_key>).

See how it all comes together

The overview walks through the lifecycle, the personas and the DORA coverage in detail.

  Read the overview Quick start