Framework

DORA (Regulation 2022/2554)

The Digital Operational Resilience Act — mandatory for EU financial entities from 17 January 2025.

Owner: Compliance Team
Last reviewed: 2026-04-14

Scope in OneComply

OneComply implements the five DORA pillars as first-class modules: ICT risk management, ICT incident reporting, digital operational resilience testing, third-party risk, and information sharing.

  • /dashboard/dora/ict-risk — ICT risk framework and register.
  • /dashboard/incidents?framework=DORA — major-incident reporting to the CSSF (24h initial notification / 72h intermediate report / 1-month final report).
  • /dashboard/dora/resilience-testing — TLPT programme.
  • /dashboard/dora/third-party — concentration risk and register of information.

Typical Workflow

  1. Import vendors and assign criticality via the ICT third-party register.
  2. Enable DORA controls library — OneComply pre-loads 40+ control objectives.
  3. Assign control owners, map evidence (each evidence record may also cover ISO 27001 / NIS2).
  4. Run concentration analysis — flag vendors over 10% / 25% of critical spend.
  5. Prepare Register of Information (RoI) source data, validate the rows against the official EBA tables, and generate the submission package (xBRL-CSV ZIP, the format the EBA specifies for the RoI).
  6. When an ICT-related incident is logged and classified as major, the 24h / 72h / 1-month reporting clock starts automatically. Note that under DORA the deadlines run from awareness and classification, not from the moment the incident began.
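
The following is an added worked example, not OneComply's code, showing how the three reporting deadlines behind the "clock" in step 6 can be computed and checked. It assumes the time limits of the RTS on major ICT-related incident reporting (Delegated Regulation (EU) 2025/301): the initial notification is due within 4 hours of classification as major but no later than 24 hours after the entity became aware of the incident, the intermediate report 72 hours after the initial notification is submitted, and the final report 1 month after the latest intermediate report is submitted. Treating "1 month" as a calendar month (31 January + 1 month = 28 February) is an assumption made here; all function names and the sample timestamps are illustrative.

```python
"""DORA major-incident reporting clock (added example, not OneComply code).

Assumed time limits (Delegated Regulation (EU) 2025/301):
  initial      : 4h from classification as major, capped at 24h from awareness
  intermediate : 72h from submission of the initial notification
  final        : 1 calendar month from submission of the latest intermediate report
"""
import calendar
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


def utc(year: int, month: int, day: int, hour: int = 0, minute: int = 0) -> datetime:
    """Build a timezone-aware UTC timestamp (sample inputs below are constructed)."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def _require_aware(name: str, t: datetime) -> None:
    # Naive timestamps silently shift deadlines across DST/timezone changes; refuse them.
    if t.tzinfo is None or t.utcoffset() is None:
        raise ValueError(f"{name} must be timezone-aware")


def add_months(t: datetime, months: int) -> datetime:
    """Add calendar months, clamping to the last day when the target month is
    shorter (assumed reading of '1 month'; e.g. 31 Jan + 1 month -> 28 Feb)."""
    idx = t.month - 1 + months
    year, month = t.year + idx // 12, idx % 12 + 1
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)


def initial_deadline(aware_at: datetime, classified_at: datetime) -> datetime:
    """Initial notification: 4h after classification, but never later than
    24h after awareness. A late classification does not buy extra time."""
    _require_aware("aware_at", aware_at)
    _require_aware("classified_at", classified_at)
    if classified_at < aware_at:
        raise ValueError("an incident cannot be classified before it is known")
    return min(classified_at + timedelta(hours=4), aware_at + timedelta(hours=24))


def intermediate_deadline(initial_submitted_at: datetime) -> datetime:
    """Intermediate report: 72h from submission of the initial notification."""
    _require_aware("initial_submitted_at", initial_submitted_at)
    return initial_submitted_at + timedelta(hours=72)


def final_deadline(intermediate_submitted_at: datetime) -> datetime:
    """Final report: 1 month from submission of the latest intermediate report."""
    _require_aware("intermediate_submitted_at", intermediate_submitted_at)
    return add_months(intermediate_submitted_at, 1)


@dataclass(frozen=True)
class ClockStatus:
    stage: str          # "initial", "intermediate" or "final"
    due_at: datetime
    overdue: bool


def next_due(
    now: datetime,
    aware_at: datetime,
    classified_at: datetime,
    initial_submitted_at: Optional[datetime] = None,
    intermediate_submitted_at: Optional[datetime] = None,
) -> ClockStatus:
    """Return the next outstanding report, its deadline, and whether it is already overdue."""
    _require_aware("now", now)
    if initial_submitted_at is None:
        due = initial_deadline(aware_at, classified_at)
        return ClockStatus("initial", due, now > due)
    if intermediate_submitted_at is None:
        due = intermediate_deadline(initial_submitted_at)
        return ClockStatus("intermediate", due, now > due)
    due = final_deadline(intermediate_submitted_at)
    return ClockStatus("final", due, now > due)


if __name__ == "__main__":
    # Constructed scenario: detected 31 Jan 09:00 UTC, classified major at 10:00.
    aware, classified = utc(2025, 1, 31, 9), utc(2025, 1, 31, 10)
    print("initial due      ", initial_deadline(aware, classified))
    print("intermediate due ", intermediate_deadline(utc(2025, 1, 31, 12)))
    print("final due        ", final_deadline(utc(2025, 1, 31, 18)))
    # Classification 27h after awareness: the 24h cap has already expired.
    print(next_due(utc(2025, 2, 1, 13), aware, utc(2025, 2, 1, 12)))
```

The late-classification case is the one worth testing in any incident tool: if triage takes longer than 24 hours, the initial notification is overdue the moment the incident is classified as major, so the clock must be anchored on awareness, not on the classification event alone.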

Key Articles Covered

  • Art. 5-14 ICT risk management framework.
  • Art. 17-23 ICT-related incident reporting.
  • Art. 24-27 Digital operational resilience testing (incl. TLPT).
  • Art. 28-44 ICT third-party risk.