EU-DORA-6-11 Requirement 6 — ICT risk management framework

Ensure auditors have sufficient ICT risk expertise and independence

Description

Auditors conducting ICT risk management framework audits must possess sufficient knowledge, skills and expertise in ICT risk, as well as appropriate independence.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

EU-DORA-6-01 Risk Management

Establish comprehensive ICT risk management framework

EU-DORA-6-02 Requirement

Include minimum components in ICT risk management framework

EU-DORA-6-03 Risk Management

Deploy appropriate ICT risk mitigation measures

EU-DORA-6-04 Transparency

Provide ICT risk information to competent authorities upon request

EU-DORA-6-05 Human Oversight

Assign ICT risk management responsibility to control function

EU-DORA-6-06 Requirement

Ensure segregation of ICT functions according to three lines of defence

EU-DORA-6-07 Documentation

Document and regularly review ICT risk management framework

EU-DORA-6-08 Requirement

Continuously improve ICT risk management framework

EU-DORA-6-09 Reporting

Submit framework review report to competent authority upon request

EU-DORA-6-10 Monitoring

Subject ICT risk management framework to regular internal audit

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Ensure auditors have sufficient ICT risk expertise and independence

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment