DORA
Digital Operational Resilience Act (EU 2022/2554)
The EU regulation harmonising digital operational resilience across the financial sector. It imposes an ICT risk-management framework, incident management and reporting, resilience testing, and oversight of ICT third-party risk.
Who it applies to
EU financial entities (banks, insurers, investment firms, payment and e-money institutions, crypto-asset service providers, etc.) together with the critical ICT third-party service providers that serve them.
Chapter II — ICT risk management
- Art. 6 ICT risk management framework (16 mapped)
Maintain a sound, comprehensive and well-documented ICT risk-management framework as part of the overall risk-management system.
- Art. 9 Protection and prevention (31 mapped)
Implement policies and tools to protect ICT systems, including access control and cryptographic protection of data at rest, in use and in transit.
- Art. 10 Detection (11 mapped)
Deploy mechanisms to promptly detect anomalous activities, ICT incidents and potential single points of failure.
- Art. 12 Backup policies and recovery procedures (6 mapped)
Establish backup policies and restoration and recovery procedures, with redundancy sufficient to ensure continuity.
Chapter III — ICT incidents
- Art. 17 ICT-related incident management process (13 mapped)
Define and implement a process to detect, manage, log and classify ICT-related incidents.
- Art. 19 Reporting of major ICT-related incidents (13 mapped)
Report major ICT-related incidents to the relevant competent authority within the defined timelines.