Chapter III: Incident Reporting (Articles 17-23)

Article 17.1: ICT-Related Incident Management Process

Financial entities must establish and implement an ICT-related incident management process that enables them to detect, manage, and notify about ICT-related incidents.

How DORAedge Assists:

• Helps set up and maintain a complete ICT-related incident management process.

• Automates the detection, recording, and tracking of ICT-related incidents.

• Facilitates compliance with notifications for reporting procedures to authorities or stakeholders.

Article 17.2: Incident Recording and Root Cause Analysis

Entities must record all ICT-related incidents and significant cyber threats. They must establish procedures to ensure consistent monitoring, handling, and follow-up to identify and address root causes, preventing incident recurrence.

How DORAedge Assists:

• Proprietary AI-assisted model to assist in labeling and assessments of criticality of incidents

• Provides an integrated platform for recording all ICT-related incidents and cyber threats. This includes an impermutable log with auditable changelogs for every single interaction.

• Helps monitor and track incidents from detection to resolution

• Supports root cause analysis and provides tools for documentation and follow-up actions

Article 17.3(b): Incident Classification and Categorization

Financial entities must have procedures to identify, track, log, categorize, and classify incidents based on their priority and severity, according to the criticality of the services impacted.

How DORAedge Assists:

• Assists with automatic categorization and classification of ICT-related incidents based on AI-model

• Uses predefined criteria to classify incidents by severity and impact on critical services as directed by the regulators

• Provides dashboards to visualize and prioritize incidents in real-time.

Article 17.3(c): Assigning Roles and Responsibilities

Entities must assign roles and responsibilities for different incident types and scenarios to ensure appropriate response actions.

How DORAedge Assists:

• Allows entities to define and assign roles and responsibilities for various incident types to different persons or User Roles

• Provides automated notifications to responsible teams when incidents occur including enrichment of third party data from proprietary AI model.

Article 17.3(d): Communication and Escalation Plans

Financial entities must establish communication plans for notifying staff, external stakeholders, and clients, and for internal escalation procedures. These plans should cover customer complaints and information sharing with financial counterparts.

How DORAedge Assists:

• Setup forms and checklist custom to your company to follow during an incident

• Stores and tracks communication plans for internal and external stakeholders.

• Automates escalation procedures for major incidents.

• Provides templates for client notifications and ensures compliance with communication requirements.

Article 17.3(e): Reporting to Senior Management

Entities must ensure that major incidents are reported to senior management, including their impact, response, and any additional controls put in place to mitigate similar risks in the future.

How DORAedge Assists:

• Automatically escalates major incidents to senior management and/or all users in the system

Article 17.3(f): Incident Response and Service Restoration

Financial entities must establish incident response procedures to mitigate the impact of incidents and ensure services are restored in a timely and secure manner.

How DORAedge Assists:

• Tracks service restoration progress and ensures all services are brought back online securely.

• Enables post-incident reviews to assess response effectiveness.

Article 18.1: Classification of ICT-Related Incidents

Entities must classify incidents based on several criteria, including the number of affected clients, downtime, geographical impact, data loss, criticality of services, and economic impact.

How DORAedge Assists:

• Automatically classifies incidents based on predefined criteria like client impact, downtime, and economic cost

• Tracks and logs data losses and assesses their impact on the confidentiality, integrity, and availability of information.

Article 18.2: Classification of Significant Cyber Threats

Financial entities must classify cyber threats as significant based on the criticality of services, the number of clients targeted, and geographical impact.

How DORAedge Assists:

• Integrated into the risks features of DORAedge, which easily asks questions from the RTS around (High materiality thresholds for determining significant cyber threats)

• Automates the classification of significant cyber threats based on DORA's impact criteria

Article 18.3 & 18.4: Regulatory Standards for Incident Classification

The ESAs will develop common regulatory technical standards to further define the criteria and thresholds for determining major ICT-related incidents and significant cyber threats.

Article 19.1: Reporting of Major ICT-Related Incidents

Entities must report major ICT-related incidents to the relevant competent authority, including initial notifications and periodic updates until the incident is fully resolved.

How DORAedge Assists:

• Automates the entire reporting process by processing notifications from Automated Collection Points to helping file notifications to the competant authorities

• Our proprietary AI model with chat function allows you ask contextual questions to an incident including if it should be flagged as a major incident or not

• Ensures all necessary information and assessments is included to comply with reporting requirements including asking the correct questions as described in the RTS.

• Tracks reporting deadlines in real time and prompts for status updates to the competent authority.

Article 19.2: Voluntary Reporting of Significant Cyber Threats

Financial entities may voluntarily notify authorities about significant cyber threats if they believe the threat poses a risk to the financial system or their clients.

How DORAedge Assists:

• DORAedge does not currently feature any voluntary exchange of information to regulators.

Article 19.3: Informing Clients About Major Incidents

Financial entities must notify their clients without undue delay about major incidents and provide information on the measures taken to mitigate the adverse effects.

How DORAedge Assists:

• Create custom rules and activies that needs to be done in relation to incidents

Article 19.4: Reporting Requirements

Entities must submit an initial notification, intermediate reports as necessary, and a final report after the root cause analysis is complete.

How DORAedge Assists:

• Automates the entire reporting process by processing notifications from Automated Collection Points to helping file all necessary reports to the competent authorities

• Our proprietary AI model with chat function allows you ask contextual questions to an incident including if it should be flagged as a major incident or not

• Ensures all necessary information and assessments is included to comply with reporting requirements including asking the correct questions as described in the RTS.

• Tracks reporting deadlines in real time and prompts for status updates to the competent authority.

Article 19.5: Outsourcing Reporting Obligations

Entities may outsource reporting obligations to third-party service providers but remain responsible for the incident reporting.

Article 20: Harmonization of Reporting Content and Templates

The ESAs will develop standard forms and templates for reporting major ICT-related incidents and significant cyber threats.

Article 21: Centralization of Reporting of Major ICT-Related Incidents

The ESAs will explore the feasibility of establishing a single EU Hub for centralizing incident reporting.

Article 22: Supervisory Feedback

Authorities may provide feedback or guidance on reported incidents, including anonymized information on similar threats and ways to mitigate impacts.

Article 23: Operational or Security Payment-Related Incidents

The incident management and reporting requirements also apply to operational or security payment-related incidents affecting credit institutions, payment institutions, account information service providers, and electronic money institutions.

All these institutions are well-suited as users of the DORAedge platform.