Governance & Responsibility (Article 14(3) DORA)
- The financial entity must designate at least one person who is tasked with implementing the communication strategy for ICT-related incidents.
- The designated person shall furthermore fulfil the public and media function for communication related to ICT-related incidents.
Integration into the Digital Operational Resilience Strategy (Article 6(8)(h) DORA)
The communication strategy forms a mandatory component of the digital operational resilience strategy that is part of the ICT risk management framework.
Mandatory Content Element (Article 6(8)(h) DORA)
Communication Strategy for ICT-Related Incidents
The communication strategy must outline how the financial entity will communicate in the event of ICT-related incidents whose disclosure is required under Article 14.
This includes the obligation to set out the approach, mechanisms and structure for disclosure to the relevant audiences pursuant to Article 14.