Governance and organisation

The setup of an adequate governance structure and mature ICT risk management organisation plays an important role in DORA and arises throughout the Regulation. For many processes prescribed by the Regulation, for example, there is a requirement that companies set clear roles and responsibilities.