Overview
1. Governance, Strategy and Planning
This category includes high-level planning, decision-making, and strategic direction documents foundational to DORA compliance.
- Project Launch Decision
- Project Plan
- Initial Training Plan
- Digital Operational Resilience Strategy
- ICT Project Management Policy
- ICT Change Management Procedure
- ICT Systems Acquisition, Development, and Maintenance Policy
2. Risk Management
Focused on identifying, assessing, mitigating, and accepting ICT risks, aligned with DORA’s emphasis on risk-based approaches.
- Risk Management Policy
- Risk Management Methodology
- Risk Assessment Table
- Risk Treatment Table
- Acceptance of Residual Risks
- Report on the Review of ICT Risk Management Framework
3. Business Continuity and Crisis Management
These documents ensure operational resilience during disruptions, fulfilling a core pillar of DORA.
- Crisis Management Plan
- Business Continuity Plan
- Disruptive Incident Response Plan
- List of Business Continuity Sites
- Transportation Plan
- Key Contacts
- ICT Disaster Recovery Plan
- BI Department Recovery Plan
- Exercising and Testing Plan
- Business Impact Analysis Methodology
- Business Impact Analysis Questionnaire
4. ICT Security and Controls
Policies and procedures related to access, data, network, and endpoint security. Critical for safeguarding information and systems.
- Access Control Policy
- Identification and Authentication Policy
- Password Policy
- Encryption and Cryptographic Controls Policy
- Information Classification Policy
- Physical Security Policy
- Network Security Policy
- Logging and Monitoring Procedure
- Vulnerability and Patch Management Procedure
- Threat Intelligence Program
5. User and Asset Management
Controls and guidelines around users, devices, and asset handling to minimize operational risks.
- Acceptable Use Policy
- Clear Desk and Clear Screen Policy
- Portable Device and Remote Work Policy
- Bring Your Own Device (BYOD) Policy
- Asset Management Policy
- Disposal and Destruction Policy
- Information Transfer Policy
- Data Retention Policy
6. Third-Party and Exit Strategy
Addresses supplier relationships and how services can be exited without loss of operational continuity, a key requirement under DORA’s third-party risk mandates.
- Supplier Security Policy
- ICT Service Exit Strategy
- Service Provider Exit Plan
- Confidentiality Statement
7. Monitoring, Audits and Compliance
Encompasses measurement, auditing, and corrective mechanisms to validate operational resilience and compliance efforts.
- Measurement Methodology
- Measurement Report
- Internal Audit Procedure
- Management Review Procedure
- Procedure for Corrective Actions
- Corrective Action Form
- Security Training and Awareness Plan
- Major Incident Notification for Clients
- Minor Incident Response Procedure
- Incident Handling Policy