Appearance
Applicability and governance
This page covers how DORA applicability and governance accountability are modeled in Modulos.
OFF-16 governance requirements
| Requirement | Topic | Regulation reference |
|---|---|---|
ORF-303 | DORA applicability and proportionality governance | Art. 2, 4, 16 |
ORF-304 | Management body ICT accountability and training governance | Art. 5(1)-(4) |
ORF-305 | ICT risk framework and resilience strategy governance | Art. 6(1)-(3), 6(5), 6(8)-(10), 15, 16(3) |
ORF-306 | ICT control-function independence and audit governance | Art. 6(4), 6(6), 6(7) |
ORF-321 | DORA delegated and implementing acts governance | Art. 15, 16(3), 18(4), 20, 26(11), 28(9)-(10), 30(5) |
MFF-16 execution anchor
| Requirement | Topic | Regulation reference |
|---|---|---|
MRF-275 | AI system ICT risk framework implementation | Art. 6(1)-(3), 15, 16(1), 16(3) |
Governance outputs to maintain
- DORA applicability matrix by legal entity and service perimeter
- proportionality/simplified-regime rationale where applicable
- management body accountability and training records
- formally approved ICT risk strategy and policy architecture
- delegated/implementing acts watchlist with impact assessments
Related pages
DORA overview
Framework structure and OFF-16/MFF-16 model
ICT risk and resilience operations
Operational execution requirements for resilience and incident flows
Disclaimer
This page is for general informational purposes and does not constitute legal advice.