Testing of digital operational resilience

Regular testing gives companies insight into the actual security of the IT environment and enables targeted improvements to be made. DORA requires companies to develop a risk-oriented programme to test and increase digital resilience.

The content of this programme depends on the identified risk profile of a company. Various types of tests are conceivable, including vulnerability scans, pen tests and red teaming.

DORA applies proportionality here: among other things, microenterprises are exempt from the relevant articles on this subject.