01
ICT Risk Management
Financial entities must establish a strong internal ICT risk management framework to identify, assess, and mitigate risks to their IT systems and data, including cyber threats. The framework must be backed by a governance structure in which the management body owns and oversees ICT risk, together with documented risk mitigation, business continuity, and recovery measures.
02
ICT Incident Reporting
Major ICT-related incidents must be classified and reported to the competent national authority in a staged manner (initial notification, intermediate report, final report), enabling swift identification and resolution of disruptions while enhancing transparency and response capabilities. Reporting significant cyber threats remains voluntary.
03
Digital Operational Resilience Testing
Regular testing, including vulnerability assessments, scenario-based tests, and penetration testing, is mandatory so that weaknesses in ICT infrastructure are identified and addressed. Entities designated by their authorities must additionally undergo threat-led penetration testing (TLPT) of their critical live systems at least every three years.
04
Third-Party Risk Management
DORA emphasizes the management of risks from ICT third-party service providers, especially those supporting critical or important functions. Financial entities must maintain a register of their ICT third-party arrangements and ensure, through contractual provisions, that providers meet resilience requirements for security, continuity, audit access, and exit. Providers designated as critical ICT third-party providers are subject to direct oversight by the European Supervisory Authorities.
05
Information Sharing
DORA encourages financial entities to exchange cyber threat information and intelligence, including indicators of compromise, tactics and procedures, and alerts, within trusted communities of financial entities, to foster collaboration and improve the sector’s overall resilience to emerging risks.