Articles 17–23 · 7 controls
| Control ID | Article | Description | EUR-Lex |
|---|---|---|---|
| DORA-Art17-P1 | Art. 17(1) | Financial entities shall define, establish and implement an ICT-related incident management process to detect, manage an… | Art. 17 |
| DORA-Art18-P1 | Art. 18(1) | Financial entities shall classify ICT-related incidents and shall determine their impact on the basis of criteria includ… | Art. 18 |
| DORA-Art19-P1 | Art. 19(1) | Financial entities shall report major ICT-related incidents to the relevant competent authority using initial notificati… | Art. 19 |
| DORA-Art20-P1 | Art. 20(1) | Financial entities shall, after collecting and analysing all relevant information, submit a final report to the competen… | Art. 20 |
| DORA-Art21-P1 | Art. 21(1) | Financial entities shall establish procedures and processes to ensure a consistent and integrated monitoring, handling a… | Art. 21 |
| DORA-Art22-P1 | Art. 22(1) | Financial entities shall ensure that ICT-related incident reports and post-incident reviews are used to identify vulnera… | Art. 22 |
| DORA-Art23-P1 | Art. 23(1) | Financial entities may, on a voluntary basis, notify significant cyber threats to the relevant competent authority when … | Art. 23 |