Does Digital Operational Resilience Act (DORA) require Record-Keeping & Documentation?
European Union • enforcing
Yes — 1 provision
Requirements at a glance
This regulation imposes 3 specific requirements for Record-Keeping & Documentation across 1 provision:
- Resilience testing program — Conduct regular testing of ICT systems and tools
- Threat-led penetration testing — Significant entities must perform TLPT aligned with TIBER-EU
- Documentation and remediation — Document test results and remediate identified vulnerabilities
Digital Operational Resilience Testing #
Requirements
| Requirement | Details |
|---|---|
| Resilience testing program | Conduct regular testing of ICT systems and tools |
| Threat-led penetration testing | Significant entities must perform TLPT aligned with TIBER-EU |
| Documentation and remediation | Document test results and remediate identified vulnerabilities |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Determined by national competent authorities per member state law |