DORA is assessed on evidence, not on intentions. A measure that is "in place" but undocumented is what a supervisor treats as a gap. Answer according to what you could demonstrate: written policies, registers, minutes, test reports.
Management body accountability. Under Regulation (EU) 2022/2554, the management body defines, approves, oversees and is accountable for the implementation of the ICT risk management framework. The Regulation has applied since 17 January 2025 and is directly applicable, with no national transposition.
Get your analysis
Enter your professional details to complete your self-assessment. Our team can then send you a personalised analysis of your situation.