Chapter II – ICT risk management (Art. 5-16)

Art. 5 DORA - Governance and organisation

Art. 6 DORA - ICT risk management framework

Art. 7 DORA - ICT systems, protocols and tools

Art. 8 DORA - Identification

Art. 9 DORA - Protection and prevention

Art. 10 DORA - Detection

  1. Financial entities shall have in place mechanisms to promptly detect anomalous activities, in accordance with Article 17, including ICT network performance issues and ICT-related incidents, and to identify potential material single points of failure.

All detection mechanisms referred to in the first subparagraph shall be regularly tested in accordance with Article 25.

  2. The detection mechanisms referred to in paragraph 1 shall enable multiple layers of control, define alert thresholds and criteria to trigger and initiate ICT-related incident response processes, including automatic alert mechanisms for relevant staff in charge of ICT-related incident response.
  3. Financial entities shall devote sufficient resources and capabilities to monitor user activity, the occurrence of ICT anomalies and ICT-related incidents, in particular cyber-attacks.
  4. Data reporting service providers shall, in addition, have in place systems that can effectively check trade reports for completeness, identify omissions and obvious errors, and request re-transmission of those reports.

Art. 11 DORA - Response and recovery

Art. 12 DORA - Backup policies and procedures, restoration and recovery procedures and methods

Art. 13 DORA - Learning and evolving

Art. 14 DORA - Communication

Art. 15 DORA - Further harmonisation of ICT risk management tools, methods, processes and policies

Art. 16 DORA - Simplified ICT risk management framework