DORA Compliance Assessment
Compliance Report
| Company Information | |
|---|---|
| First Name: | |
| Last Name: | |
| Function: | |
| Company Name: | |
| Country: | |
| City: | |
| Email: | |
| General Compliance - DORA Requirement Collection | |
|---|---|
| Article Reference: | DORA Article 2 |
| Legal Obligation: | Collect and study all relevant DORA regulations, technical standards, guidelines, and recommendations to ensure comprehensive compliance. |
| Legal Requirement: | Establish a process for collecting, studying, and updating DORA-related documents regularly. |
| Security Requirement: | Implement a knowledge base for DORA-related documentation and ensure regular training for staff. |
| General Compliance - Determining DORA Applicability | |
|---|---|
| Article Reference: | DORA Article 16 |
| Legal Obligation: | Determine the scope of DORA within the organization, ensuring that all applicable areas are covered. |
| Legal Requirement: | Conduct a thorough assessment to establish DORA's boundaries in your operations, focusing on the simplified ICT risk management framework. |
| Security Requirement: | Implement a scope management process that includes regular reviews of DORA applicability. |
| Internal Governance - Gap Analysis | |
|---|---|
| Article Reference: | DORA Article 5 |
| Legal Obligation: | Perform a gap analysis to identify discrepancies between current practices and DORA requirements. |
| Legal Requirement: | Conduct a comprehensive gap analysis to align governance practices with DORA. |
| Security Requirement: | Integrate gap analysis findings into the governance framework and ensure ongoing monitoring and improvements. |
| Internal Governance - Risk Management Function | |
|---|---|
| Article Reference: | DORA Article 6 |
| Legal Obligation: | Establish a Risk Management Function (RMF) to manage and mitigate ICT risks. |
| Legal Requirement: | Implement an RMF aligned with DORA's requirements, ensuring it is integrated with overall risk management. |
| Security Requirement: | Appoint a dedicated team for risk management, equipped with the necessary tools and processes to manage ICT risks. |
| ICT Risk Management - Framework Establishment | |
|---|---|
| Article Reference: | DORA Article 8 |
| Legal Obligation: | Develop and implement an ICT Risk Management Framework (ICT RMF). |
| Legal Requirement: | Design an ICT RMF that includes risk identification, assessment, and management processes. |
| Security Requirement: | Ensure continuous monitoring and regular updates to the ICT RMF based on evolving threats. |
| ICT Risk Management - Regular Assessments | |
|---|---|
| Article Reference: | DORA Article 8 |
| Legal Obligation: | Conduct regular ICT risk assessments, including on legacy systems and third-party services. |
| Legal Requirement: | Establish a schedule for regular risk assessments and ensure they are reviewed and updated annually. |
| Security Requirement: | Implement tools and processes to automate and facilitate ongoing risk assessments. |
| Incident Management - Incident Management Process | |
|---|---|
| Article Reference: | DORA Article 17 |
| Legal Obligation: | Define and implement an ICT-related incident management process. |
| Legal Requirement: | Establish processes for incident response, root cause analysis, and post-incident reviews. |
| Security Requirement: | Create a dedicated incident response team and ensure clear communication channels are established. |
| Incident Management - Incident Reporting Process | |
|---|---|
| Article Reference: | DORA Article 19 |
| Legal Obligation: | Implement a process for reporting major ICT-related incidents to authorities and stakeholders. |
| Legal Requirement: | Set up reporting mechanisms that meet the requirements for timeliness and accuracy. |
| Security Requirement: | Ensure incident reports are securely stored and accessible for regulatory reviews. |