Article 17.1: ICT-Related Incident Management Process
Financial entities must establish and implement an ICT-related incident management process that enables them to detect, manage, and notify about ICT-related incidents.
How DORAedge Assists:
Helps set up and maintain a complete ICT-related incident management process.
Automates the detection, recording, and tracking of ICT-related incidents.
Facilitates compliant notifications under the reporting procedures for authorities and stakeholders.
Article 17.2: Incident Recording and Root Cause Analysis
Entities must record all ICT-related incidents and significant cyber threats. They must establish procedures to ensure consistent monitoring, handling, and follow-up to identify and address root causes, preventing incident recurrence.
How DORAedge Assists:
Proprietary AI-assisted model to assist in labeling incidents and assessing their criticality.
Provides an integrated platform for recording all ICT-related incidents and cyber threats. This includes an immutable log with auditable changelogs for every single interaction.
Helps monitor and track incidents from detection to resolution.
Supports root cause analysis and provides tools for documentation and follow-up actions.
Article 17.3(b): Incident Classification and Categorization
Financial entities must have procedures to identify, track, log, categorize, and classify incidents based on their priority and severity, according to the criticality of the services impacted.
How DORAedge Assists:
Provides dashboards to visualize and prioritize incidents in real-time.
Article 17.3(c): Assigning Roles and Responsibilities
Entities must assign roles and responsibilities for different incident types and scenarios to ensure appropriate response actions.
How DORAedge Assists:
Allows entities to define and assign roles and responsibilities for various incident types to different persons or User Roles.
Provides automated notifications to responsible teams when incidents occur, including enrichment with third-party data from a proprietary AI model.
Article 17.3(d): Communication and Escalation Plans
Financial entities must establish communication plans for notifying staff, external stakeholders, and clients, and for internal escalation procedures. These plans should cover customer complaints and information sharing with financial counterparts.
How DORAedge Assists:
Set up forms and checklists customised to your company to follow during an incident.
Stores and tracks communication plans for internal and external stakeholders.
Automates escalation procedures for major incidents.
Provides templates for client notifications and ensures compliance with communication requirements.
Article 17.3(e): Reporting to Senior Management
Entities must ensure that major incidents are reported to senior management, including their impact, response, and any additional controls put in place to mitigate similar risks in the future.
How DORAedge Assists:
Article 17.3(f): Incident Response and Service Restoration
Financial entities must establish incident response procedures to mitigate the impact of incidents and ensure services are restored in a timely and secure manner.
How DORAedge Assists:
Tracks service restoration progress and ensures all services are brought back online securely.
Enables post-incident reviews to assess response effectiveness.
Article 18.1: Classification of ICT-Related Incidents
Entities must classify incidents based on several criteria, including the number of affected clients, downtime, geographical impact, data loss, criticality of services, and economic impact.
How DORAedge Assists:
Tracks and logs data losses and assesses their impact on the confidentiality, integrity, and availability of information.
Article 18.2: Classification of Significant Cyber Threats
Financial entities must classify cyber threats as significant based on the criticality of services, the number of clients targeted, and geographical impact.
How DORAedge Assists:
Integrated into the risk features of DORAedge, which prompt for the RTS questions on the high materiality thresholds for determining significant cyber threats.
Article 18.3 & 18.4: Regulatory Standards for Incident Classification
The ESAs will develop common regulatory technical standards to further define the criteria and thresholds for determining major ICT-related incidents and significant cyber threats.
Article 19.1: Reporting of Major ICT-Related Incidents
Entities must report major ICT-related incidents to the relevant competent authority, including initial notifications and periodic updates until the incident is fully resolved.
How DORAedge Assists:
Ensures all necessary information and assessments are included to comply with reporting requirements, including asking the correct questions as described in the RTS.
Tracks reporting deadlines in real time and prompts for status updates to the competent authority.
Article 19.2: Voluntary Reporting of Significant Cyber Threats
Financial entities may voluntarily notify authorities about significant cyber threats if they believe the threat poses a risk to the financial system or their clients.
How DORAedge Assists:
DORAedge does not currently feature any voluntary exchange of information to regulators.
Article 19.3: Informing Clients About Major Incidents
Financial entities must notify their clients without undue delay about major incidents and provide information on the measures taken to mitigate the adverse effects.
How DORAedge Assists:
Article 19.4: Reporting Requirements
Entities must submit an initial notification, intermediate reports as necessary, and a final report after the root cause analysis is complete.
How DORAedge Assists:
Ensures all necessary information and assessments are included to comply with reporting requirements, including asking the correct questions as described in the RTS.
Tracks reporting deadlines in real time and prompts for status updates to the competent authority.
Article 19.5: Outsourcing Reporting Obligations
Entities may outsource reporting obligations to third-party service providers but remain responsible for the incident reporting.
Article 20: Harmonization of Reporting Content and Templates
The ESAs will develop standard forms and templates for reporting major ICT-related incidents and significant cyber threats.
Article 21: Centralization of Reporting of Major ICT-Related Incidents
The ESAs will explore the feasibility of establishing a single EU Hub for centralizing incident reporting.
Article 22: Supervisory Feedback
Authorities may provide feedback or guidance on reported incidents, including anonymized information on similar threats and ways to mitigate impacts.
Article 23: Operational or Security Payment-Related Incidents
The incident management and reporting requirements also apply to operational or security payment-related incidents affecting credit institutions, payment institutions, account information service providers, and electronic money institutions.
All these institutions are well-suited as users of the DORAedge platform.