How can I help with DORA?

Seeded with DORA concepts: which financial entities and ICT third-party service providers fall in scope, how to manage ICT risk, how to classify and report ICT-related incidents, how to test digital operational resilience including threat-led penetration testing, and how to manage ICT third-party risk with the contract terms DORA expects.

• Work through whether DORA applies to you and which category of financial entity you fall under.
• Turn DORA's ICT risk obligations into concrete controls, governance, and an incident reporting process.
• Plan how you manage ICT third-party risk, from an inventory of ICT provider contracts to the contract terms DORA expects and resilience testing.

It gives implementation guidance to speed up your work. It is not legal advice, so confirm specifics with your competent authority or a qualified professional.