Article 6: ICT risk management framework
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
Article 6 requires each financial entity to maintain a sound, comprehensive, and well-documented ICT risk-management framework to identify, protect against, detect, respond to, and recover from ICT-related risk. The framework must be reviewed at least annually.
Chapter II, ICT risk management · Pillar: ICT Risk Management
Key points
- Mandates a documented ICT risk-management framework
- Covers identify, protect, detect, respond, recover
- Requires at least annual review
How this fits DORA
Article 6 sits within the ICT Risk Management pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.
Read the official text
This is an editorial summary. Read the binding text of Article 6 in the consolidated regulation on EUR-Lex.