Chapter II – ICT risk management (Art. 5-16)

Art. 5 DORA - Governance and organisation

Art. 6 DORA - ICT risk management framework

Art. 7 DORA - ICT systems, protocols and tools

Art. 8 DORA - Identification

Art. 9 DORA - Protection and prevention

Art. 10 DORA - Detection

Art. 11 DORA - Response and recovery

Art. 12 DORA - Backup policies and procedures, restoration and recovery procedures and methods

Art. 13 DORA - Learning and evolving

Art. 14 DORA - Communication

  1. As part of the ICT risk management framework referred to in Article 6(1), financial entities shall have in place crisis communication plans enabling a responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts as well as to the public, as appropriate.
  2. As part of the ICT risk management framework, financial entities shall implement communication policies for internal staff and for external stakeholders. Communication policies for staff shall take into account the need to differentiate between staff involved in ICT risk management, in particular the staff responsible for response and recovery, and staff that needs to be informed.
  3. At least one person in the financial entity shall be tasked with implementing the communication strategy for ICT-related incidents and fulfil the public and media function for that purpose.

Art. 15 DORA - Further harmonisation of ICT risk management tools, methods, processes and policies

Art. 16 DORA - Simplified ICT risk management framework