1.   As part of the ICT risk management framework referred to in Article 6(1) and based on the identification requirements set out in Article 8, financial entities shall put in place a comprehensive ICT business continuity policy, which may be adopted as a dedicated specific policy, forming an integral part of the overall business continuity policy of the financial entity. 2.   Financial entities shall implement the ICT business continuity policy through dedicated, appropriate and documented arrangements, plans, procedures and mechanisms aiming to: (a) ensure the continuity of the financial entity’s critical or important functions; (b) quickly, appropriately and effectively respond to, and resolve, all ICT-related incidents in a way … Continue reading Article 11 DORA – Response and recoveryRead More →