EU-DORA-16-03
Risk Management
16 — Simplified ICT risk management framework
Minimize ICT risk through sound, resilient systems
Description
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-16-01
Risk Management
Implement documented ICT risk management framework
EU-DORA-16-02
Monitoring
Continuously monitor ICT systems security and functioning
EU-DORA-16-04
Risk Management
Enable prompt identification and handling of ICT risks and incidents
EU-DORA-16-05
Risk Management
Identify key ICT third-party service provider dependencies
EU-DORA-16-06
Risk Management
Ensure business continuity for critical or important functions
EU-DORA-16-07
Requirement
Regularly test business continuity plans and control effectiveness
EU-DORA-16-08
Requirement
Implement operational conclusions from testing and incidents
EU-DORA-16-09
Documentation
Document and periodically review ICT risk management framework
EU-DORA-16-10
Requirement
Continuously improve ICT risk management framework
EU-DORA-16-11
Reporting
Submit framework review report to competent authority upon request
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started