Article 24: General requirements for resilience testing
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
Article 24 requires financial entities to establish, maintain, and review a sound and comprehensive digital operational resilience testing programme as an integral part of the ICT risk-management framework, proportionate to size and risk profile.
Chapter IV, Digital operational resilience testing · Pillar: Digital Resilience Testing
Key points
- Mandates a resilience-testing programme
- Integral to the ICT risk-management framework
- Applied proportionately to size and risk
How this fits DORA
Article 24 sits within the Digital Resilience Testing pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.
Read the official text
This is an editorial summary. Read the binding text of Article 24 in the consolidated regulation on EUR-Lex.