EU DORA RTS – ICT risk management framework – Global Relay Intelligence & Practice

EU DORA RTS - ICT risk management framework

Specifies the requirements for ICT security policies, procedures, protocols and tools. Sets out the simplified ICT risk management framework intended to ensure some flexibility in complying with DORA requirements is available to financial entities depending on their particular size, structure, internal organization and in the nature and complexity of their activities.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience

Notable

Latest News

Notable

Taming the DORA dragon

Technology

Taming the DORA dragon

June 26, 2024

An interdisciplinary approach between firms and their service providers is crucial to successfully "tame" DORA says PJ Di Giammarino of JWG.

PJ Di Giammarino | JWG5 min read

Managing ICT third-party risk under DORA

Regulation

Managing ICT third-party risk under DORA

September 25, 2023

Requirements imposed on financial services institutions when procuring ICT services from third parties - regulation and best practice.

Nikhil Shah | Fieldfisher14 min read

Your DORA questions answered – Business resilience more broadly

Technology

Your DORA questions answered – Business resilience more broadly

March 27, 2024

This fifth of a series of articles covering a practical session organised by Ashurst focuses on business resilience questions connected to DORA.

Thomas Hyrkiel3 min read

Technology

Taming the DORA dragon

Regulation

Managing ICT third-party risk under DORA

Technology

Your DORA questions answered – Business resilience more broadly

Latest News More on DORA

ESMA

What you need to know about ESMA's new Registration Guide

August 22, 2025

While not legally binding, the guide provides clarity on ESMA's assessment process for financial entities navigating the registration process.

Jean Hurley1 min read
Regulation

BaFin publishes DORA document requirements cheat sheet

August 19, 2025

Comprehensive register of key documents is relevant to all organizations running digital systems and needing to ensure their security.

Thomas Hyrkiel2 min read
Regulation

BaFIN to intensify third-party supervision in 2025

August 11, 2025

The regulator continues to be concerned about outsourcing dependency and concentration risk and wants to obtain clarity on technology interconnectedness in the financial sector.

Thomas Hyrkiel2 min read
ESMA

Infringement procedures launched over delayed DORA transposition

April 1, 2025

Full implementation is vital for strengthening the EU's financial sector against increasing digital risks.

Jean Hurley1 min read
GRIP Extra

GRIP Extra: CFPB drops Zelle suit, Barclays suffers 3-day IT outage

March 7, 2025

Other news includes assistance from the SEC for filers using EDGAR, a probe into Nvidia shipments to Malaysia and another bank reviewing its approach to DEI.

GRIP1 min read
Conferences and events

Privacy experts give advice on complying with DORA and NIS2

March 7, 2025

Adequate preparation, identifying what and who is critical, and, above all, "practice, practice, practice" highlighted.

Martina Lindberg, Jean Hurley3 min read
Podcasts

Podcast: Practice and procedure with GRIP – DORA implementation

March 3, 2025

DORA is a response to persistently elevated cyber threat levels, Jean and Thomas discuss how firms can achieve operational resilience.

Jean Hurley, Thomas Hyrkiel23 min listen
ESMA

ESAs make progress on critical ICT third-party oversight framework

February 24, 2025

ICT providers designated critical under DORA will get six weeks to challenge the designation.

Jean Hurley1 min read