Description

Last Seen
Control Type
Control Owner
Control Approver
Target State
Baseline State
Monitored

The Digital Operational Resilience Act (DORA) establishes a harmonized regulation for managing ICT risk, resilience, and regulatory compliance across the EU financial sector. It mandates financial entities to implement robust ICT risk management, incident detection and reporting, resilience testing, and third-party risk management, while encouraging cyber threat intelligence sharing.

DORA enforces Real-time and Continuous Monitoring, incident classification, regulatory reporting, third-party oversight, and resilience testing to ensure financial stability and operational continuity against cyber threats and ICT disruptions. The DORA dashboard provides a centralized view of compliance status, incident metrics, testing results, third-party risk exposure, and regulatory reporting to support proactive risk management and regulatory adherence.

EMEA/EU DORA

C1-General

Art 1

Art 2

Art 3

Art 4

1/0

2/0

3/0

C2-ICTRiskMgmt

Art 5

1/0

2(a)/0

2(b)/0

2(c)/0

2(d)/0

2(e)/0

2(f)/0

2(g)/0

2(h)/0

2(i)(i)/0

2(i)(ii)/0

2(i)(iii)/0

2/0

3/0

4/0

Art 6

1/0

2/0

3/0

4/0

5/0

6/0

7/0

8(a)/0

8(b)/0

8(c)/0

8(d)/0

8(e)/0

8(f)/0

8(g)/0

8(h)/0

8/0

9/0

10/0

Art 7

(a)//0

(b)//0

(c)//0

(d)//0

Art 8

1/0

2/0

3/0

4/0

CriSystem

5/0

6/0

CMDBcov

7/0

Art 9

1/0

2/0

3(a)/0

CovCriMang

CriPatch

3(b)/0

CovCriMang

CriPatch

3(c)/0

CovCriMang

CriPatch

3(d)/0

CovCriMang

CriPatch

4(a)/0

4(b)/0

4(c)/0

4(d)/0

Acc-w/o-MFA

CriWithMfa

ExtSerCloud

NotPAM

WithoutMFA

4(e)/0

4(f)/0

Art 10

Art 11

1/0

2(a)/0

2(b)/0

2(c)/0

2(d)/0

2(e)/0

2/0

3/0

4/0

5/0

6(a)/0

BCMplans

CricRTOs

DRtest

6(b)/0

7/0

8/0

9/0

10/0

11/0

Art 12

1(a)/0

1(b)/0

1/0

2/0

% prod backups

Failing Backups

crit fail back

3/0

4/0

5(a)/0

5(b)/0

5(c)/0

5/0

6/0

7/0

Art 13

1/0

2(a)/0

2(b)/0

2(c)/0

2(d)/0

2/0

3/0

4/0

5/0

6/0

# phish creds

% sec training

phish > 3

phish click

7/0

Art 14

1/0

2/0

3/0

Art 15

Art 16

1(a)/0

commit docs

1(b)/0

commit docs

1(c)/0

commit docs

1(d)/0

commit docs

1(e)/0

commit docs

1(f)/0

commit docs

1(g)/0

commit docs

1(h)/0

commit docs

C3-ICTIncMgmt

Art 17

1/0

High Inc Count

Incident Manage

Low Inc Count

Med Inc Count

2/0

3(a)/0

3(b)/0

3(c)/0

3(d)/0

3(e)/0

3(f)/0

Art 18

1(a)/0

1(b)/0

RTO incident

1(c)/0

1(d)/0

1(e)/0

1(f)/0

1/0

2/0

CritCyber Month

CritCyber Quart

CritCyber Year

3/0

4(a)/0

4(b)/0

4(c)/0

5/0

Art 19

External comm

Art 20

Art 21

Art 22

Art 23

C4-OpRes

Art 24

1/0

DRtest

2/0

BCMplans

3/0

CricRTOs

4/0

5/0

6/0

Art 25

1/0

CricEndVuln

CricInterVuln

DomHighVuln

DomVuln

ExplVuln

HighEndVuln

HighExtVuln

NoCriVuln

NoHighVuln

2/0

CriSastDast

HighSastDast

3/0

RedTeam

Art 26

1/0

TLPs

2/0

3/0

4/0

5/0

6/0

7/0

8(a)/0

8(b)/0

8(c)/0

8/0

Art 27

1(a)/0

PenTest

1(b)/0

PenTest

1(c)/0

PenTest

1(d)/0

PenTest

1(e)/0

PenTest

2(a)/0

2(b)/0

2(c)/0

3/0

C5-3rdParty

Art 28

1(a)/0

1(b)(i)/0

1(b)(ii)/0

1(b)/0

1/0

2/0

3/0

3rdPartyInfoReg

HighRiskSupplrs

NewContracts12M

4(a)/0

4(b)/0

4(c)/0

4(d)/0

4(e)/0

5/0

AuditCompletion%

CrtSupSecPct

6/0

7(a)/0

7(b)/0

7(c)/0

7(d)/0

8(a)/0

8(b)/0

8(c)/0

8/0

Art 29

1(a)/0

1(b)/0

2/0

Service%Rate

Art 30

1/0

2(a)/0

2(b)/0

2(c)/0

2(d)/0

2(e)/0

2(f)/0

2(g)/0

2(h)/0

3(a)/0

3(b)/0

3(c)/0

3(d)/0

3(e)(i)/0

3(e)(ii)/0

3(e)(iii)/0

3(e)(iv)/0

3(f)(i)/0

3(f)(ii)/0

4/0

Art 31

Art 32

Art 33

Art 34

Art 35

Art 36

Art 37

Art 38

Art 39

Art 40

Art 41

Art 42

Art 43

Art 44

C6-Sharing

Art 45

1(a)/0

1(b)/0

1(c)/0

InfoShareActive

InfoSharePolRev

1/0

Demo Metric 3

2/0

3/0

EMEA/EU DORA

94.74%

Status

OK: 83.33%

Degraded: 16.67%

Failed: 0%

Tags & Metadata

Group Metrics

Last processed

9:14 AM on 28-02-2025

Item Type

Group

Monitored State

Monitored

Approver

Owain Rowley

Downstream Items

Search:

	Name	Result	Last Seen
DORA/Chapter 4 - Digitial Operational Resilience Testing	EMEA/EU DORA/C4-OpRes	82.29175058/93.3945136 Control Degraded (NotOK) 82.29%	28/02/2025, 09:14:50 last observed
DORA/Chapter 5 - Managing of ICT Third-Party Risk	EMEA/EU DORA/C5-3rdParty	98.69134752/100 Control Degraded (NotOK) 98.69%	28/02/2025, 10:14:06 last observed
DORA/Chapter 1 - General Provisions	EMEA/EU DORA/C1-General	100/100 Control Degraded (NotOK) 100%	28/02/2025, 11:14:04 last observed
DORA/Chapter 6 - Information-sharing Arrangements	EMEA/EU DORA/C6-Sharing	98.06279225/100 Control Degraded (NotOK) 98.06%	28/02/2025, 10:14:10 last observed
DORA/Chapter 2 - ICT Risk Mgmt.	EMEA/EU DORA/C2-ICTRiskMgmt	92.88049312/100 Control Degraded (NotOK) 92.88%	28/02/2025, 11:14:46 last observed

Showing 1 to 5 of 6 entries

Historical Trend

Chapter I: General Provisions

This chapter establishes the scope, applicability, and foundational principles of DORA, ensuring entities and ICT third-party providers adopt a uniform approach to digital operational resilience.

EMEA/EU DORA/C1-General

100%

4 0 0

0-44

45-74

75-100

Jan 29 Feb 28

No Avg Change

Name/ID	Current	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C1-General/Art 1	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C1-General/Art 2	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C1-General/Art 3	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C1-General/Art 4	100%	100%	100%	100%	100%	100%	100%

Chapter II: ICT Risk Management

This chapter mandates entities to establish, implement, and maintain an effective ICT risk management framework, ensuring operational resilience against cyber threats and ICT disruptions

EMEA/EU DORA/C2-ICTRiskMgmt

92.88%

9 3 0

0-44

45-74

75-100

Jan 29 Feb 28

Avg Decrease of -3%

Name/ID	Current	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C2-ICTRiskMgmt/Art 5	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 6	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 7	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 8	79.3%	85%	83%	79%	79%	80%	79%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 9	81.0%	84%	82%	81%	80%	80%	81%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 10	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 11	97.9%	98%	98%	98%	98%	98%	98%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 12	92.9%	95%	95%	96%	96%	95%	96%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 13	97.5%	97%	97%	97%	97%	97%	97%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 14	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 15	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C2-ICTRiskMgmt/Art 16	66.7%	82%	61%	66%	69%	69%	68%

Chapter III: ICT-related Incident Management, Classification and Reporting

This chapter establishes requirements for entities to detect, classify, and report ICT-related incidents, ensuring timely response and regulatory compliance.

EMEA/EU DORA/C3-ICTIncMgmt

99.05%

7 0 0

0-44

45-74

75-100

Jan 29 Feb 28

No Avg Change

Name/ID	Current	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C3-ICTIncMgmt/Art 17	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C3-ICTIncMgmt/Art 18	93.3%	93%	92%	92%	92%	92%	92%
EMEA/EU DORA/C3-ICTIncMgmt/Art 19	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C3-ICTIncMgmt/Art 20	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C3-ICTIncMgmt/Art 21	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C3-ICTIncMgmt/Art 22	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C3-ICTIncMgmt/Art 23	100%	100%	100%	100%	100%	100%	100%

Chapter IV: Digital Operational Resilience Testing

This chapter mandates entities to regularly test their ICT security and resilience through risk-based digital operational resilience testing, ensuring preparedness against cyber threats and operational disruptions.

EMEA/EU DORA/C4-OpRes

82.29%

2 2 0

0-44

45-74

75-100

Jan 29 Feb 28

No Avg Change

Name/ID	Current	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C4-OpRes/Art 24	83.6%	84%	84%	83%	84%	83%	83%
EMEA/EU DORA/C4-OpRes/Art 25	44.6%	48%	44%	44%	44%	43%	43%
EMEA/EU DORA/C4-OpRes/Art 26	94.2%	95%	95%	95%	95%	94%	95%
EMEA/EU DORA/C4-OpRes/Art 27	100%	100%	100%	100%	100%	100%	100%

Chapter V: Managing of ICT Third-Party Risk

This chapter establishes a comprehensive framework for entities to identify, assess, monitor, and mitigate ICT third-party risks, ensuring resilience in outsourced ICT services.

EMEA/EU DORA/C5-3rdParty

98.69%

17 0 0

0-44

45-74

75-100

Jan 29 Feb 28

No Avg Change

Name/ID	Current	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C5-3rdParty/Art 28	96.4%	95%	95%	95%	96%	96%	96%
EMEA/EU DORA/C5-3rdParty/Art 29	86.9%	84%	84%	84%	83%	83%	83%
EMEA/EU DORA/C5-3rdParty/Art 30	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 31	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 32	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 33	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 34	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 35	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 36	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 37	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 38	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 39	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 40	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 41	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 42	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 43	100%	100%	100%	100%	100%	100%	100%
EMEA/EU DORA/C5-3rdParty/Art 44	100%	100%	100%	100%	100%	100%	100%

Chapter VI: Information-Sharing Arrangements

This chapter promotes voluntary cyber threat intelligence sharing among entities to enhance collective digital resilience, while ensuring security, confidentiality, and compliance with data protection laws.

EMEA/EU DORA/C6-Sharing

98.06%

1 0 0

0-44

45-74

75-100

Jan 29 Feb 28

No Avg Change

Name/ID	Current	Trend	Sep	Oct	Nov	Dec	Jan	Feb
EMEA/EU DORA/C6-Sharing/Art 45	98.1%		97%	97%	98%	98%	98%	98%

Search:

Title	Name/ID	Current	Threshold	State	Oct '24	Nov '24	Dec '24	Jan '25	Feb '25
Number of mock phish testing - credential entry	# phish creds	260	<=450 failing tests = green=500 failing tests = amber>=550 failing tests = red	passed	258	251	252	241	260	Description: Number of mock phish testing - credential entry. Tags: Metrics
Percentage coverage for production backups	% prod backups	100	=100% passing jobs = green=50% passing jobs = amber=0% passing jobs = red	degraded	100	100	100	100	100	Description: Percentage coverage for production backups. Tags: Metrics Security KRIs global
Percentage of security training complete on time	% sec training	196	=100% passing trainings = green=50% passing trainings = amber=0% passing trainings = red	degraded	196	196	196	196	196	Description: Percentage of security training complete on time. Tags: Metrics
EMEA/EU DORA/C2-ICTRiskMgmt/Art 7/(a)//0	(a)//0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are - appropriate to the magnitude of operations supporting the conduct of their activities,. Tags: Control Metrics
EMEA/EU DORA/C2-ICTRiskMgmt/Art 7/(b)//0	(b)//0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are - reliable. Tags: Control Metrics
EMEA/EU DORA/C2-ICTRiskMgmt/Art 7/(c)//0	(c)//0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are - equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services. Tags: Control Metrics
EMEA/EU DORA/C2-ICTRiskMgmt/Art 7/(d)//0	(d)//0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are - technologically resilient in order to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations. Tags: Control Metrics
EMEA/EU DORA/C5-3rdParty/Art 28/1(a)/0	1(a)/0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: Financial entities shall manage ICT third-party risk as an integral component of ICT risk within their ICT risk management framework as referred to in Article 6(1), and in accordance with the following principles - financial entities that have in place contractual arrangements for the use of ICT services to run their business operations shall, at all times, remain fully responsible for compliance with, and the discharge of, all obligations under this Regulation and applicable financial services law. Tags: Control Metrics
EMEA/EU DORA/C5-3rdParty/Art 29/1(a)/0	1(a)/0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	passed	0	0	0	0	0	Description: When performing the identification and assessment of risks referred to in Article 28(4), point (c), financial entities shall also take into account whether the envisaged conclusion of a contractual arrangement in relation to ICT services supporting critical or important functions would lead to any of the following: - contracting an ICT third-party service provider that is not easily substitutable; or. Tags: Control Metrics
EMEA/EU DORA/C2-ICTRiskMgmt/Art 16/1(a)/0	1(a)/0	0	overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green	degraded	0	0	0	0	0	Description: Simplified ICT risk management framework - put in place and maintain a sound and documented ICT risk management framework that details the mechanisms and measures aimed at a quick, efficient and comprehensive management of ICT risk, including for the protection of relevant physical components and infrastructures. Tags: Control Metrics

Showing 1 to 10 of 260 entries

Last Seen:
Control Owner:
Control Approver:

Latest Evidence

Description

Calculations

Metadata

Links

Relationships

Tags

Entity Scope

Description

Calculations

Metadata

Events (Past 7 Days)

Relationships

Evidence Picker

Evidence

Risk Score

Org Chart

Metadata

Tags

Timeline

Discovered By

Evidence

DORA: Digital Operational Resilience Act

DORA Implementation Summary

EMEA/EU DORA

DORA Overview

EMEA/EU DORA

Status

Tags & Metadata

Downstream Items

DORA Adoption Status

Showcasing the status of the adopted DORA Chapters - the bullet chart displays the current score's percentage relative to the target and indicates whether it exceeds or falls short with a clear +/- direction.

DORA Adoption Trend

Trend of DORA adoption over a month's duration.

Chapter I: General Provisions

EMEA/EU DORA/C1-General

100%

DORA - Chapter I

Chapter II: ICT Risk Management

EMEA/EU DORA/C2-ICTRiskMgmt

92.88%

DORA - Chapter II

Chapter III: ICT-related Incident Management, Classification and Reporting

EMEA/EU DORA/C3-ICTIncMgmt

99.05%

DORA - Chapter III

Chapter IV: Digital Operational Resilience Testing

EMEA/EU DORA/C4-OpRes

82.29%

DORA - Chapter IV

Chapter V: Managing of ICT Third-Party Risk

EMEA/EU DORA/C5-3rdParty

98.69%

DORA - Chapter V

Chapter VI: Information-Sharing Arrangements

EMEA/EU DORA/C6-Sharing

98.06%

DORA - Chapter VI

DORA

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags:

Description:

Tags: