Regulation (EU) 2022/2554 (Digital Operational Resilience Act - DORA) "on digital operational resilience for the financial sector" (hereafter the Regulation) provides that all Financial Entities within the scope of the Regulation should follow the same approach when managing Information and Communication Technology (ICT) risks, taking into account their size, their overall risk profile, and the nature, scale and complexity of their services and operations.
The Regulation provides for requirements mainly related to:
- ICT risk management.
- ICT-related incident management, classification and reporting.
- Digital operational resilience testing.
- Management of ICT third-party risk.
Detailed information for each section as well as supporting documents are listed below: