CHAPTER 6: INCIDENT RESPONSE AND REPORTING

It feels rather odd for DORA to separate out incident response and reporting from the risk management framework when a distinct part of that framework is describing how the organisation should respond to incidents. It is telling that much of this part of the Regulation is directed at the competent authorities and ESAs: it is addressing how an incident can affect the sector, not just the organisation itself.

It is useful to know how the competent authorities will receive and react to incident reports, of course, but it is not essential for compliance with the Regulation.

For financial entities, the key requirements revolve around the incident management process, classification of incidents and cyber threats, ...
