DORA
The Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554, establishing uniform requirements for the security of network and information systems of EU financial entities and critical ICT third-party providers. Covers ICT risk management (governance, framework, identification, protection, detection, response/recovery, backup, learning), ICT-related incident management and major-incident reporting to competent authorities, digital operational resilience testing (including threat-led penetration testing), ICT third-party risk management (Register of Information, key contractual provisions, concentration risk) with a Union Oversight Framework for critical ICT third-party providers, and cyber threat information sharing.
Domains
Compare DORA
Related Articles
Related Courses
DORA by Industry
DORA by Role
Frequently Asked Questions
What is DORA?
How many controls does DORA have?
Where does DORA apply?
What frameworks does DORA map to?
How do I get started with DORA compliance?
How ready are you for DORA?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.