DORA Incident Response Planning
DORA incident response planning establishes the processes a financial entity uses to detect, manage, classify, and report major ICT-related incidents under Articles 17–23. A tested plan is what lets an entity meet DORA's strict reporting deadlines under pressure.
What the plan must enable
The plan defines detection and triage, the criteria that make an incident major, escalation paths, and the three-stage reporting flow (initial, intermediate, and final report) to the competent authority. Use our incident classifier to check whether a given incident is reportable.
Testing and roles
Response plans should be exercised regularly and integrated with the ICT risk-management framework and business-continuity arrangements, with clear roles across ICT, compliance, and the management body.
Frequently asked questions
What are DORA's incident reporting deadlines?
Major incidents follow a three-stage flow, an initial notification, an intermediate report, and a final report, with deadlines set in the RTS/ITS on incident reporting.
How do I know if an incident is reportable?
Assess it against the classification criteria (clients affected, duration, data loss, economic impact). Our classifier gives an instant estimate.
Does DORA require incident response testing?
DORA requires business-continuity and response plans to be maintained and tested as part of the ICT risk-management framework.