Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
14 in DORA · 127 total
| ID | Title | Tags | Summary |
|---|---|---|---|
| DORA-Art10 | DORA-Art10 | DORA | DORA Article 10 — Detection: Financial entities must have in place mechanisms to promptly detect anomalous activities, including ICT network performance issues… |
| DORA-Art11 | Response and recovery | DORA, pentest:high | Financial entities must put in place a comprehensive ICT business continuity policy, implemented through dedicated, appropriate, and documented arrangements, p… |
| DORA-Art12 | Backup policies and recovery methods | DORA, pentest:medium | Financial entities must develop and document backup policies and procedures specifying the scope of data subject to backup and the minimum frequency of backups… |
| DORA-Art13 | Learning and evolving | DORA, pentest:high | Financial entities must have capabilities and staff to gather information on vulnerabilities and cyber threats, ICT-related incidents, in particular cyber-atta… |
| DORA-Art14 | Communication | DORA, pentest:low | Financial entities must implement communication policies for clients, counterparts and the public regarding ICT-related incidents or vulnerabilities. The polic… |
| DORA-Art17 | ICT-related incident management process | DORA, pentest:high | Financial entities must establish, document, and implement an ICT-related incident management process to detect, manage, and notify ICT-related incidents. They… |
| DORA-Art24 | DORA-Art24 | DORA | DORA Article 24 — Annual Penetration Testing: Financial entities must conduct, at least annually, comprehensive, independent penetration testing of ICT systems… |
| DORA-Art25 | Advanced testing of ICT tools, systems and processes based on TLPT | DORA, pentest:high | Financial entities, other than microenterprises, that are identified as significant must carry out at least every three years advanced testing by means of TLPT… |
| DORA-Art28 | General principles for ICT third-party risk | DORA, pentest:medium | Financial entities must manage ICT third-party risk as an integral component of ICT risk within their ICT risk-management framework. They must adopt and regula… |
| DORA-Art5 | DORA-Art5 | DORA | DORA Article 5 — Governance and Organisation: Financial entities must have an internal governance and control framework that ensures effective and prudent mana… |
| DORA-Art6 | DORA-Art6 | DORA | DORA Article 6 — ICT risk management framework: Financial entities must have a sound, comprehensive and well-documented ICT risk-management framework. The fram… |
| DORA-Art7 | DORA-Art7 | DORA | DORA Article 7 — ICT systems, protocols and tools: Financial entities must use and maintain updated ICT systems, protocols and tools that are appropriate to th… |
| DORA-Art8 | DORA-Art8 | DORA | DORA Article 8 — Identification: Financial entities must identify, classify and adequately document all ICT-supported business functions, roles and responsibil… |
| DORA-Art9 | DORA-Art9 | DORA | DORA Article 9 — Protection and prevention: Financial entities must continuously monitor and control the security and functioning of ICT systems and tools and … |