DORA-Art20-P1

Article: 20 (1)
Pillar: ICT Incident Detection & Reporting
Regulation Ref: Regulation (EU) 2022/2554, Article 20(1)
Last Reviewed: 2026-01-15

Financial entities shall, after collecting and analysing all relevant information, submit a final report to the competent authority with details on the root cause and measures adopted to prevent recurrence.

Evidence Profiles

Incident Final Report COMMON

Final report submitted to competent authorities within one month of a major ICT-related incident, containing complete root cause analysis, total impact assessment, and preventive measures as required by DORA Articles 19-20.

Formats: PDF
Evidence Class: incident-final-report
Availability: COMMON
Update Frequency: event-driven
Typical Author: CISO
Approval Chain: CISO → CRO → Board Risk Committee

ICT Incident Root Cause Analysis Report PARTIAL

Detailed root cause analysis document for ICT-related incidents, using structured methodologies (5 Whys, fishbone diagram, fault tree analysis) to identify underlying causes and recommend corrective actions.

Formats: DOCX, PDF
Evidence Class: incident-root-cause-analysis
Availability: PARTIAL
Update Frequency: event-driven
Typical Author: Incident Manager
Approval Chain: Incident Manager → CISO

Fact Schemas

incident_final_report_status

Schema ID: fs-incident-final-report
Control: DORA-Art20-P1

Valid Ranges

submission_date: within 1 month of incident resolution
total_duration_hours: actual incident duration

JSON Schema

{
  "properties": {
    "has_preventive_measures": {
      "type": "boolean"
    },
    "has_root_cause_analysis": {
      "type": "boolean"
    },
    "incident_id": {
      "minLength": 1,
      "type": "string"
    },
    "preventive_measures_count": {
      "minimum": 0,
      "type": "integer"
    },
    "submission_date": {
      "format": "date",
      "type": "string"
    },
    "submitted_within_deadline": {
      "type": "boolean"
    },
    "total_clients_affected": {
      "minimum": 0,
      "type": "integer"
    },
    "total_duration_hours": {
      "minimum": 0,
      "type": "number"
    },
    "total_financial_impact_eur": {
      "minimum": 0,
      "type": "number"
    }
  },
  "required": [
    "incident_id",
    "submission_date",
    "has_root_cause_analysis",
    "has_preventive_measures",
    "total_duration_hours"
  ],
  "type": "object"
}

incident_root_cause_analysis

Schema ID: fs-incident-root-cause-analysis
Control: DORA-Art21-P1

Valid Ranges

analysis_date: within 30 days of incident resolution
corrective_actions_completed: should equal corrective_actions_count for full remediation

JSON Schema

{
  "properties": {
    "analysis_date": {
      "format": "date",
      "type": "string"
    },
    "corrective_actions_completed": {
      "minimum": 0,
      "type": "integer"
    },
    "corrective_actions_count": {
      "minimum": 0,
      "type": "integer"
    },
    "incident_id": {
      "minLength": 1,
      "type": "string"
    },
    "methodology_used": {
      "enum": [
        "five_whys",
        "fishbone",
        "fault_tree",
        "combined",
        "other"
      ],
      "type": "string"
    },
    "root_cause_category": {
      "enum": [
        "technical",
        "process",
        "human",
        "external",
        "vendor"
      ],
      "type": "string"
    },
    "root_cause_identified": {
      "type": "boolean"
    },
    "systemic_risk_identified": {
      "type": "boolean"
    }
  },
  "required": [
    "incident_id",
    "analysis_date",
    "methodology_used",
    "root_cause_identified",
    "corrective_actions_count"
  ],
  "type": "object"
}