EU DORA ICT Risk Management Framework

Detects DORA Article 6 ICT risk management framework documentation and the digital operational resilience strategy of financial entities — board-approved framework documents, risk tolerance statements, and internal audit reviews of the framework. These documents describe the entity's defensive architecture, control gaps, and risk appetite; disclosure hands attackers a map of weaknesses.

Type
keyword_proximity
Engine
universal
Confidence
medium
Confidence justification
Medium confidence: honest topic matcher. 'ICT risk management framework' and 'digital operational resilience strategy' are DORA Article 6 defined phrases, and the 85 tier additionally requires Article 6 vocabulary (risk tolerance level, information security objectives, key performance indicators, digital operational resilience testing). The phrases also appear across the DORA advisory ecosystem — consultancy and academic material is suppressed only by noise exclusions.
Jurisdictions
eu
Regulations
Regulation (EU) 2022/2554 (DORA)
Frameworks
ISO 27001
Data categories
financial, security, governance
Scope
wide
Risk rating
7

Pattern

(?i)\b(?:ICT\s+risk\s+management\s+framework|digital\s+operational\s+resilience\s+strategy)\b

Corroborative evidence keywords

ICT risk management framework, digital operational resilience strategy, risk tolerance level, ICT risk, information security objectives, key performance indicators, digital operational resilience testing, ICT-related incident, communication strategy, Regulation (EU) 2022/2554, DORA, financial entity, board, committee, governance, compliance, fiduciary, oversight, charter, bylaw (+7 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References