DORA-Art10-P1

Article: 10 (1)
Pillar: ICT Risk Management
Regulation Ref: Regulation (EU) 2022/2554, Article 10(1)
Last Reviewed: 2026-01-15

Financial entities shall have in place mechanisms to promptly detect anomalous activities, including ICT network performance issues and ICT-related incidents, and to identify potential material single points of failure.

Evidence Profiles

ICT Monitoring and Detection Configuration PARTIAL

JSON configuration export of monitoring tools, alert thresholds, anomaly detection rules, and SIEM configurations as required by DORA Article 10.

Formats: JSON
Evidence Class: ict-monitoring-config
Availability: PARTIAL
Update Frequency: quarterly
Typical Author: Security Operations Manager
Approval Chain: Security Operations Manager → CISO

Content Sections

Expected Fields

Common Quality Issues

Monitoring coverage gaps for non-production environments
Alert thresholds not tuned — excessive false positives
No correlation rules for multi-stage attack detection
Missing coverage for cloud-native services

ICT Detection Capabilities Summary RARE

Plain text summary of the institution's detection capabilities, including coverage assessment, detection gaps, and improvement roadmap.

Formats: PLAIN_TEXT
Evidence Class: ict-detection-capabilities
Availability: RARE
Update Frequency: annual
Typical Author: SOC Manager
Approval Chain: SOC Manager → CISO

Content Sections

Expected Fields

Common Quality Issues

Informal document without structured assessment methodology
Coverage percentage self-reported without validation
Improvement roadmap lacks timelines and resource allocation
No mapping to MITRE ATT&CK or similar detection frameworks

Fact Schemas

ict_detection_capabilities_status

Schema ID: fs-ict-detection-capabilities
Control: DORA-Art10-P1

Valid Ranges

assessment_date: within last 12 months
monitoring_coverage_percent: above 80% for adequate coverage

Related Schemas

JSON Schema

{
  "properties": {
    "alert_rules_count": {
      "minimum": 0,
      "type": "integer"
    },
    "assessment_date": {
      "format": "date",
      "type": "string"
    },
    "has_anomaly_detection": {
      "type": "boolean"
    },
    "has_siem": {
      "type": "boolean"
    },
    "mean_time_to_detect_hours": {
      "minimum": 0,
      "type": "number"
    },
    "monitoring_coverage_percent": {
      "maximum": 100,
      "minimum": 0,
      "type": "number"
    },
    "single_points_of_failure_monitored": {
      "type": "boolean"
    }
  },
  "required": [
    "assessment_date",
    "has_anomaly_detection",
    "has_siem",
    "monitoring_coverage_percent"
  ],
  "type": "object"
}