Skip to main content
DORA Auditor

Article 24: General requirements for resilience testing

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 24 requires financial entities to establish, maintain, and review a sound and comprehensive digital operational resilience testing programme as an integral part of the ICT risk-management framework, proportionate to size and risk profile.

Chapter IV, Digital operational resilience testing · Pillar: Digital Resilience Testing

Key points

  • Mandates a resilience-testing programme
  • Integral to the ICT risk-management framework
  • Applied proportionately to size and risk

How this fits DORA

Article 24 sits within the Digital Resilience Testing pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 24 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex