Article 5: Governance and organisation
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
Article 5 places ultimate responsibility for managing ICT risk on the management body of the financial entity. The board must define, approve, and oversee the ICT risk-management framework and maintain sufficient ICT knowledge.
Chapter II, ICT risk management · Pillar: ICT Risk Management
Key points
- Management body bears ultimate accountability for ICT risk
- Board must approve and oversee the ICT risk-management framework
- Requires adequate ICT knowledge at board level
How this fits DORA
Article 5 sits within the ICT Risk Management pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.
Read the official text
This is an editorial summary. Read the binding text of Article 5 in the consolidated regulation on EUR-Lex.