Chapter III – ICT-related incident management, classification and reporting (Art. 17-23)

Art. 17 DORA - ICT-related incident management process

  1. Financial entities shall define, establish and implement an ICT-related incident management process to detect, manage and notify ICT-related incidents.
  2. Financial entities shall record all ICT-related incidents and significant cyber threats. Financial entities shall establish appropriate procedures and processes to ensure a consistent and integrated monitoring, handling and follow-up of ICT-related incidents, to ensure that root causes are identified, documented and addressed in order to prevent the occurrence of such incidents.
  3. The ICT-related incident management process referred to in paragraph 1 shall:
    1. put in place early warning indicators;
    2. establish procedures to identify, track, log, categorise and classify ICT-related incidents according to their priority and severity and according to the criticality of the services impacted, in accordance with the criteria set out in Article 18(1);
    3. assign roles and responsibilities that need to be activated for different ICT-related incident types and scenarios;
    4. set out plans for communication to staff, external stakeholders and media in accordance with Article 14 and for notification to clients, for internal escalation procedures, including ICT-related customer complaints, as well as for the provision of information to financial entities that act as counterparts, as appropriate;
    5. ensure that at least major ICT-related incidents are reported to relevant senior management and inform the management body of at least major ICT-related incidents, explaining the impact, response and additional controls to be established as a result of such ICT-related incidents;
    6. establish ICT-related incident response procedures to mitigate impacts and ensure that services become operational and secure in a timely manner.

Art. 18 DORA - Classification of ICT-related incidents and cyber threats

Art. 19 DORA - Reporting of major ICT-related incidents and voluntary notification of significant cyber threats

Art. 20 DORA - Harmonisation of reporting content and templates

Art. 21 DORA - Centralisation of reporting of major ICT-related incidents

Art. 22 DORA - Supervisory feedback

Art. 23 DORA - Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions