DORA Requirements Checklist
Core Requirements
- Documented ICT Risk Management Framework
- Formal ICT Incident Response & Reporting Procedures
- Register of ICT Third-Party Providers
- Business Continuity and Disaster Recovery Plans
- Regular Digital Operational Resilience Testing
Source: Regulation (EU) 2022/2554, Chapters II–IV
Governance & Oversight
- Board-level accountability for ICT risk
- Defined roles and responsibilities for ICT management
- Ongoing monitoring of ICT systems and risks
Source: Regulation (EU) 2022/2554, Article 5
Third-Party Risk
- Identification of critical or important ICT providers
- Risk assessment of outsourcing arrangements
- Contractual controls and exit strategies
Source: Regulation (EU) 2022/2554, Chapter V