Chapter II – ICT risk management (Art. 5-16)

Art. 5 DORA - Governance and organisation

Art. 6 DORA - ICT risk management framework

Art. 7 DORA - ICT systems, protocols and tools

In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are:

    1. appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the proportionality principle as referred to in Article 4;
    2. reliable;
    3. equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services, and to deal with peak orders, message or transaction volumes, as needed, including where new technology is introduced;
    4. technologically resilient in order to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations.

Recital 47

Inspired by relevant international, national and industry best practices, guidelines, recommendations and approaches to the management of cyber risk, this Regulation promotes a set of principles that facilitate the overall structure of ICT risk management. Consequently, as long as the main capabilities which financial entities put in place address the various functions in the ICT risk management (identification, protection and prevention, detection, response and recovery, learning and evolving and communication) set out in this Regulation, financial entities should remain free to use ICT risk management models that are differently framed or categorised.

Recital 48

To keep pace with an evolving cyber threat landscape, financial entities should maintain updated ICT systems that are reliable and capable, not only for guaranteeing the processing of data required for their services, but also for ensuring sufficient technological resilience to allow them to deal adequately with additional processing needs due to stressed market conditions or other adverse situations.

Art. 8 DORA - Identification

Art. 9 DORA - Protection and prevention

Art. 10 DORA - Detection

Art. 11 DORA - Response and recovery

Art. 12 DORA - Backup policies and procedures, restoration and recovery procedures and methods

Art. 13 DORA - Learning and evolving

Art. 14 DORA - Communication

Art. 15 DORA - Further harmonisation of ICT risk management tools, methods, processes and policies

Art. 16 DORA - Simplified ICT risk management framework