DORA-Art17-P1

Article
17 (1)
Pillar
ICT Incident Detection & Reporting
Regulation Ref
Regulation (EU) 2022/2554, Article 17(1)
Last Reviewed
2026-01-15

Financial entities shall define, establish and implement an ICT-related incident management process to detect, manage and notify ICT-related incidents.

Evidence Profiles

ICT Incident Management Process Document COMMON

Comprehensive document defining the institution's ICT-related incident management process, including detection mechanisms, escalation procedures, roles and responsibilities, and communication protocols as required by DORA Article 17.

Formats
PDF
Evidence Class
incident-management-process
Availability
COMMON
Update Frequency
annual
Typical Author
CISO
Approval Chain
CISO → CRO → Board Risk Committee

Content Sections

Expected Fields

Common Quality Issues

ICT Incident Classification Taxonomy PARTIAL

Structured JSON taxonomy defining incident classification criteria including severity levels, impact dimensions (clients affected, duration, geographical spread, data losses, criticality of services, economic impact) as required by DORA Article 18.

Formats
JSON
Evidence Class
incident-classification-taxonomy
Availability
PARTIAL
Update Frequency
annual
Typical Author
Incident Manager
Approval Chain
Incident Manager → CISO

Content Sections

Expected Fields

Common Quality Issues

Fact Schemas

incident_management_process_status

Schema ID
fs-incident-management-process
Control
DORA-Art17-P1

Valid Ranges

approval_date
within last 18 months
last_simulation_date
within last 12 months

Related Schemas

JSON Schema

{
  "properties": {
    "approval_date": {
      "format": "date",
      "type": "string"
    },
    "has_communication_protocols": {
      "type": "boolean"
    },
    "has_detection_mechanisms": {
      "type": "boolean"
    },
    "has_escalation_procedures": {
      "type": "boolean"
    },
    "integrates_with_bcp": {
      "type": "boolean"
    },
    "last_simulation_date": {
      "format": "date",
      "type": "string"
    },
    "process_version": {
      "minLength": 1,
      "type": "string"
    },
    "response_team_defined": {
      "type": "boolean"
    }
  },
  "required": [
    "process_version",
    "approval_date",
    "has_detection_mechanisms",
    "has_escalation_procedures",
    "has_communication_protocols"
  ],
  "type": "object"
}

incident_classification_taxonomy_status

Schema ID
fs-incident-classification-taxonomy
Control
DORA-Art18-P1

Valid Ranges

effective_date
within last 18 months
severity_levels_count
typically 3-5 levels
impact_dimensions_covered
all 6 DORA dimensions for full compliance

Related Schemas

JSON Schema

{
  "properties": {
    "aligned_with_esa_rts": {
      "type": "boolean"
    },
    "covers_all_impact_dimensions": {
      "type": "boolean"
    },
    "effective_date": {
      "format": "date",
      "type": "string"
    },
    "has_major_incident_thresholds": {
      "type": "boolean"
    },
    "impact_dimensions_covered": {
      "items": {
        "enum": [
          "clients_affected",
          "duration",
          "geographical_spread",
          "data_losses",
          "service_criticality",
          "economic_impact"
        ],
        "type": "string"
      },
      "type": "array"
    },
    "severity_levels_count": {
      "minimum": 2,
      "type": "integer"
    },
    "taxonomy_version": {
      "minLength": 1,
      "type": "string"
    }
  },
  "required": [
    "taxonomy_version",
    "effective_date",
    "severity_levels_count",
    "has_major_incident_thresholds",
    "covers_all_impact_dimensions"
  ],
  "type": "object"
}