DORA Implementation
Operationalizing the Digital Operational Resilience Act.
This DORA section translates publicly available BaFin information and DORA structures into actionable target states, measures, evidence, and review logic for financial institutions.
Note: This presentation does not constitute a complete reproduction of the DORA Regulation or BaFin documents. The original supervisory sources are always authoritative.
67
Sollmaßnahmen (gesamt)
40
Artikel in der Plattform
9
Themenbereiche
9
Kapitel (I–IX)
DORA Artikel-Struktur (Artikel 1–64)
Anwendungsbereich, Begriffsbestimmungen, Zuständigkeiten.
IKT-Risikomanagementrahmen, Identifizierung, Schutz, Erkennung, Reaktion, Wiederherstellung, Lernprozesse, Kommunikation.
Klassifizierung, Meldefristen (24h/72h), Bug-Bounty-Programme.
Testprogramm, TLPT, Threat-Led Penetration Testing.
Vertragsanforderungen, Konzentrationsrisiko, OVS, Aufsichtsgebühren.
Registerpflichten, Meldewege, Datenqualität.
Benennung, Bewertung, Meldung kritischer oder wichtiger Funktionen.
Beteiligung an gemeinsamen Übungen, Aufsichtsgebühren, Sanktionen.
RTS/ITS, Übergangsfristen, Inkrafttreten.
Themenbereiche & Maßnahmen
ICT Risk Management
Governance, risk identification, protection needs, controls, monitoring, and evidence.
Kapitel II
ICT-Related Incidents
Handling, classification, reporting, escalation, and lessons learned.
Kapitel III
Resilience Testing and TLPT
Structured integration of risk-based test programmes and Threat-Led Penetration Testing.
Kapitel IV
ICT Third-Party Risk
Make contracts, service chains, exit, concentration risks and audit rights actionable.
Kapitel V
Information Register
Structure registration obligations, data quality, filing, and professional responsibilities.
Kapitel VI
Critical or Important Functions
Methodology for determining CIF with outage and regulatory violation scenarios.
Kapitel VII
Regulated Activities
Activity inventory, EBA identifiers, and linkage to CIF and information register.
Kapitel I
ICT Contracts
Contract classification, minimum content, exit, subcontractors, and audit rights.
Kapitel V
ICT Policies
Policy inventory, document control, approval, and review triggers.
Kapitel II
Documentation Requirements
Consolidate verification obligations, documentation logic, and auditable artefacts in a single overview.
Kapitel II
DORA Timeline
Key milestones and deadlines from 2024 to 2028: entry into force, reporting obligations, TLPT, and further key dates.
Kapitel IX
DORA Glossary
Over 25 regulatory terms explained: CIF, CTPP, T2S, MVP, and further technical terms with cross-references.
Kapitel I
Neu
Quick-Start Guide
DORA Quick-Start: In 30 Tagen konform starten
Praktischer Einstieg für Compliance-Offiziere und Risikomanager: 30-Tage-Roadmap, Selbstbewertung, 5 Quick Wins und FAQ.