Articles 5–16 · 13 controls
| Control ID | Article | Description | EUR-Lex |
|---|---|---|---|
| DORA-Art5-P1 | Art. 5(1) | Financial entities shall have in place an internal governance and control framework that ensures an effective and pruden… | Art. 5 |
| DORA-Art6-P1 | Art. 6(1) | Financial entities shall have a sound, comprehensive and well-documented ICT risk management framework as part of their … | Art. 6 |
| DORA-Art6-P8 | Art. 6(8) | The ICT risk management framework shall be documented and reviewed at least once a year, or periodically in the case of … | Art. 6 |
| DORA-Art7-P1 | Art. 7(1) | Financial entities shall identify, classify and adequately document all ICT supported business functions, roles and resp… | Art. 7 |
| DORA-Art8-P1 | Art. 8(1) | Financial entities shall identify on a continuous basis all sources of ICT risk, in particular the risk exposure to and … | Art. 8 |
| DORA-Art9-P1 | Art. 9(1) | For the purposes of adequately protecting ICT systems and with a view to organising response measures, financial entitie… | Art. 9 |
| DORA-Art10-P1 | Art. 10(1) | Financial entities shall have in place mechanisms to promptly detect anomalous activities, including ICT network perform… | Art. 10 |
| DORA-Art11-P1 | Art. 11(1) | Financial entities shall put in place a comprehensive ICT business continuity policy as an integral part of the operatio… | Art. 11 |
| DORA-Art12-P1 | Art. 12(1) | Financial entities shall put in place, maintain and periodically test appropriate ICT business continuity plans, notably… | Art. 12 |
| DORA-Art13-P1 | Art. 13(1) | As part of the ICT risk management framework, financial entities shall adopt backup policies and procedures specifying t… | Art. 13 |
| DORA-Art14-P1 | Art. 14(1) | Financial entities shall put in place resources and capabilities to monitor, handle and follow up on ICT-related inciden… | Art. 14 |
| DORA-Art15-P1 | Art. 15(1) | Financial entities shall develop ICT security awareness programmes and digital operational resilience training as compul… | Art. 15 |
| DORA-Art16-P1 | Art. 16(1) | Financial entities shall have in place communication plans enabling a responsible disclosure of ICT-related incidents or… | Art. 16 |