Skip to main content
DORA Auditor

DORA Incident Response Planning

Last updated: 2 authoritative sourcesDORA Auditor Editorial Team

DORA incident response planning establishes the processes a financial entity uses to detect, manage, classify, and report major ICT-related incidents under Articles 17–23. A tested plan is what lets an entity meet DORA's strict reporting deadlines under pressure.

What the plan must enable

The plan defines detection and triage, the criteria that make an incident major, escalation paths, and the three-stage reporting flow (initial, intermediate, and final report) to the competent authority. Use our incident classifier to check whether a given incident is reportable.

Testing and roles

Response plans should be exercised regularly and integrated with the ICT risk-management framework and business-continuity arrangements, with clear roles across ICT, compliance, and the management body.

Frequently asked questions

What are DORA's incident reporting deadlines?
How do I know if an incident is reportable?
Does DORA require incident response testing?

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex
  2. ESMA, Digital Operational Resilience Act (DORA)