DORA
Digital Operational Resilience Act
ICT risk management
ICT-related incident management
Digital operational resilience testing
Third-party risk management
Critical ICT third-party service providers
Threat-led penetration testing
Preamble (Recitals 1 – 29)
Recitals
Chapter I (Article 1)
General provisions
Article 1
Definitions
Chapter II (Article 2)
Criteria to identify financial entities required to perform TLPT
Article 2
Identification of financial entities required to perform TLPT
Chapter III (Articles 3 – 12)
Requirements regarding test scope, testing methodology and results of TLPT
Section I
Testing methodology
Article 3
TCT and TLPT Test Managers
Article 4
Organisational arrangements for financial entities
Article 5
Risk management for TLPT
Article 6
Risk management for pooled and joint TLPTs
Section II
Testing process
Article 7
Specificities for pooled and joint TLPTs
Article 8
Preparation phase
Article 9
Testing phase: Threat intelligence
Article 10
Testing phase: Red Team Test
Article 11
Closure phase
Article 12
Remediation plan
Chapter IV (Article 13)
Requirements and standards governing the use of internal testers
Article 13
Use of internal testers
Chapter V (Articles 14 – 15)
Cooperation and mutual recognition and final provisions
Article 14
Cooperation
Article 15
Entry into force and application