DORA-Art11-P1 — DORA Knowledge Catalog

Financial entities shall put in place a comprehensive ICT business continuity policy as an integral part of the operational business continuity policy, including response and recovery plans for ICT-related incidents.

Evidence Profiles

ICT Response and Recovery Plan COMMON

Documented plan for responding to and recovering from ICT-related incidents, including escalation procedures, communication protocols, and recovery procedures as required by DORA Article 11.

Formats: PDF DOCX
Evidence Class: ict-response-recovery-plan
Availability: COMMON
Update Frequency: annual
Typical Author: Business Continuity Manager
Approval Chain: Business Continuity Manager → CIO → Board Risk Committee

Content Sections

Expected Fields

Common Quality Issues

Recovery time objectives not validated through testing
Plan not updated after significant infrastructure changes
Missing communication protocols for external stakeholders
No consideration of third-party service provider recovery dependencies

Fact Schemas

ict_response_recovery_status

Schema ID: fs-ict-response-recovery
Control: DORA-Art11-P1

Valid Ranges

approval_date: within last 18 months
last_test_date: within last 12 months
rto_hours: typically 2-24 hours for critical functions

Related Schemas

JSON Schema

{
  "properties": {
    "approval_date": {
      "format": "date",
      "type": "string"
    },
    "covers_third_party_dependencies": {
      "type": "boolean"
    },
    "last_test_date": {
      "format": "date",
      "type": "string"
    },
    "next_test_date": {
      "format": "date",
      "type": "string"
    },
    "plan_version": {
      "type": "string"
    },
    "rpo_hours": {
      "minimum": 0,
      "type": "number"
    },
    "rto_hours": {
      "minimum": 0,
      "type": "number"
    },
    "test_result_successful": {
      "type": "boolean"
    }
  },
  "required": [
    "plan_version",
    "approval_date",
    "rto_hours",
    "rpo_hours",
    "last_test_date"
  ],
  "type": "object"
}