Skip to main content
DORA Auditor

Article 6: ICT risk management framework

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 6 requires each financial entity to maintain a sound, comprehensive, and well-documented ICT risk-management framework to identify, protect against, detect, respond to, and recover from ICT-related risk. The framework must be reviewed at least annually.

Chapter II, ICT risk management · Pillar: ICT Risk Management

Key points

  • Mandates a documented ICT risk-management framework
  • Covers identify, protect, detect, respond, recover
  • Requires at least annual review

How this fits DORA

Article 6 sits within the ICT Risk Management pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 6 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex