In this issue, we look at the latest BaFin publications on DORA: The supervisory authority specifies the simplified ICT risk management framework, explains how the implementation of this framework must be documented and provides additional information on dealing with third-party risks.
Table of Contents
- BaFin specifies simplified ICT risk management framework (Art. 16 DORA)
- Overview of DORA documentation requirements – practical implementation of the ICT framework
- FAQ on the management of ICT third-party risks
- Now receive the most important compliance messages every week free of charge
BaFin specifies simplified ICT risk management framework (Art. 16 DORA)
Applicable for: Compliance officers, management boards of small financial companies, ICT risk managers
Important measures
- Align existing ICT governance and controls with the requirements of Art. 16 DORA.
- Adapt asset inventory and risk analysis processes to the new standards.
- Regularly test and document emergency and resilience plans.
Overview of DORA documentation requirements – practical implementation of the ICT framework
Applicable for: Compliance officers, central units of financial groups, internal audit
Important measures
- Systematically record documentation obligations – reflects the practical implementation of the ICT framework.
- Standardize reporting and verification formats at an early stage to ensure compliance and reporting.
- Ensure coordination between compliance, ICT and internal audit so that governance and risk management requirements are implemented in a transparent manner.
FAQ on the management of ICT third-party risks
Applicable for: Compliance and outsourcing managers, ICT risk managers
Important measures
- Check contracts with ICT service providers for DORA-compliant risk allocation.
- Adapt outsourcing register and control processes to the FAQ notes.
- Sharpen early warning and escalation mechanisms for critical ICT failures.
Now receive the most important compliance messages every week free of charge
Many compliance officers already use our free service and receive the most important news from the areas of compliance, money laundering prevention, data protection and IT security. We provide a weekly overview of the most important reports and categorize them.
Subscribe now free of charge.
Would you like to be up to date every day?
Our legal rights monitoring software gives you access to all reports and allows you to filter them by relevance, type and area. You can create and download summaries. Get in touch with us.
We wish you a successful week.
Your Riscreen team