Go to content

ICT related incidents

It is important that ICT incidents are dealt with adequately. For effective incident management, DORA expects companies to establish a process to detect and deal with ICT incidents and cyber threats.

In addition, companies must keep a record of past incidents. This promotes careful handling and follow-up of incidents and provides an opportunity for evaluations and root cause analyses.

Reporting to the AFM

DORA requires major IT incidents to be reported to the supervisory authority. This is already mandatory. Criteria and templates for the reporting obligation under DORA have since been submitted to the European Commission for the purpose of review and decision-making.