EU-DORA-16-09
Documentation
16 — Simplified ICT risk management framework
Document and periodically review ICT risk management framework
Description
Related Obligations
EU-DORA-16-01
Risk Management
Implement documented ICT risk management framework
EU-DORA-16-02
Monitoring
Continuously monitor ICT systems security and functioning
EU-DORA-16-03
Risk Management
Minimize ICT risk through sound, resilient systems
EU-DORA-16-04
Risk Management
Enable prompt identification and handling of ICT risks and incidents
EU-DORA-16-05
Risk Management
Identify key ICT third-party service provider dependencies
EU-DORA-16-06
Risk Management
Ensure business continuity for critical or important functions
EU-DORA-16-07
Requirement
Regularly test business continuity plans and control effectiveness
EU-DORA-16-08
Requirement
Implement operational conclusions from testing and incidents
EU-DORA-16-10
Requirement
Continuously improve ICT risk management framework
EU-DORA-16-11
Reporting
Submit framework review report to competent authority upon request