EU-DORA-6-03
Risk Management
6 — ICT risk management framework
Deploy appropriate ICT risk mitigation measures
Description
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-6-01
Risk Management
Establish comprehensive ICT risk management framework
EU-DORA-6-02
Requirement
Include minimum components in ICT risk management framework
EU-DORA-6-04
Transparency
Provide ICT risk information to competent authorities upon request
EU-DORA-6-05
Human Oversight
Assign ICT risk management responsibility to control function
EU-DORA-6-06
Requirement
Ensure segregation of ICT functions according to three lines of defence
EU-DORA-6-07
Documentation
Document and regularly review ICT risk management framework
EU-DORA-6-08
Requirement
Continuously improve ICT risk management framework
EU-DORA-6-09
Reporting
Submit framework review report to competent authority upon request
EU-DORA-6-10
Monitoring
Subject ICT risk management framework to regular internal audit
EU-DORA-6-11
Requirement
Ensure auditors have sufficient ICT risk expertise and independence
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started