Platform Overview
Understanding and navigating DORAedge
Health Page / Dashboard
This dashboard provides three key sections of information:
Overview: contains a count of the number of records tracked in the app, split by record type
Activity: shows all activity on your organization's platform, listing each user, the type of action, and a timestamp. It's possible to click directly into the record that has been created, updated or deactivated.
DORA Compliance and Control Summary:
The Compliance Readiness score is a completion percentage: the proportion of Articles (control requirements) in the DORA regulatory framework that have a Policy (governance) document assigned to them in the Policies & Controls module. The module considers an Article with an assigned Policy to be "done". As more requirements are satisfied by Policy documents, this percentage will increase.
The Control Summary breaks the score down by Pillar of the regulation, showing the number of requirements in DORAedge per Pillar that are satisfied by a Policy document.
Get Started
Think of DORAedge not just as a platform for filling in forms, but as a way of structuring your organization's information and communication technology (ICT) network and operations. Structuring this accurately will enable your internal, cross-functional DORA team and external advisors to appropriately assess and manage your resilience and mitigate potential risks.
ICT Network Setup
You may follow this as a rough checklist or order for setting up your organization's DORAedge account. While the Policy & Controls module can be leveraged concurrently to build out governance, we recommend the following order for setting up your ICT network:
Entities
Branches (if applicable)
Functions
Providers
Contracts or Assets (order not critical, depending on what you want to accomplish first)
*Since records are closely linked within DORAedge, setting these up will make it easier to add Risks and Incidents at later stages. We strongly encourage building out the first three items in the list above first.
Familiarize yourself with DORA's terminology
Consider the following:
Entity — who we are (as an organization, and potentially within a group structure)
Branch — a local office or operational presence of an entity that operates under the license and oversight of a parent entity in another jurisdiction
Function — what we do / the licensed activity we execute (what we deliver to clients)
Provider — which third parties help us execute our Functions
Contract — a formal arrangement between a Provider (ICT third-party or Intra-group) and an Entity or Branch (or multiple)
ICT Asset — technology/system managed internally
Risk — what could go wrong that needs to be tracked so that it can be mitigated
Incident — a categorized ICT disruption, outage, or cyber threat
Policy — a governance document that is written to satisfy a set of controls in the regulation
Control — a requirement that an entity must satisfy in order to fulfill its obligation as stated by an Article in the regulatory framework
Register of Information — an obligatory regulatory report that documents an entity's or group's ICT network, with its links and dependencies, in a standard format
In practice
To get comfortable with using DORAedge, try selecting one Entity and building out all of its Functions (and Branches, if applicable). Then choose a third-party ICT Provider to map out against the Functions in a Contract. This should help you establish the flow so that you can replicate it.