Appearance
ICT risk and resilience operations
DORA execution in Modulos covers the full ICT resilience cycle: identify, protect, detect, respond, recover, and report.
Organization-level governance requirements (OFF-16)
| Requirement | Topic | Regulation reference |
|---|---|---|
ORF-307 | ICT systems capacity and resilience governance | Art. 7 |
ORF-308 | ICT function, asset, and dependency inventory governance | Art. 8(1), 8(4)-(6) |
ORF-309 | Continuous ICT risk identification and assessment governance | Art. 8(2), 8(3), 8(7) |
ORF-310 | ICT protection and prevention policy governance | Art. 9(1)-(4) |
ORF-311 | ICT anomaly detection and alert-threshold governance | Art. 10(1)-(3) |
ORF-312 | ICT continuity, response, recovery, and crisis governance | Art. 11(1)-(8) |
ORF-313 | Backup, restoration, and recovery-objective governance | Art. 12(1)-(7) |
ORF-314 | Post-incident learning and resilience-training governance | Art. 13(1)-(7) |
ORF-315 | Crisis communication and disclosure governance | Art. 14(1)-(3) |
ORF-316 | ICT incident management and classification governance | Art. 17(1)-(3), 18(1)-(4) |
ORF-317 | Major incident reporting and client-notification governance | Art. 19(1)-(5), 20, 23 |
AI-system execution requirements (MFF-16)
| Requirement | Topic | Regulation reference |
|---|---|---|
MRF-276 | AI system ICT capacity and resilience implementation | Art. 7 |
MRF-277 | AI system asset inventory and dependency mapping execution | Art. 8(1), 8(4)-(6) |
MRF-278 | AI system continuous ICT risk and vulnerability assessment | Art. 8(2), 8(3), 8(7) |
MRF-279 | AI system protection and prevention control execution | Art. 9(1)-(4) |
MRF-280 | AI system anomaly detection and alert-threshold execution | Art. 10(1)-(3) |
MRF-281 | AI system response, recovery, and continuity execution | Art. 11(1)-(8) |
MRF-282 | AI system backup and restoration execution | Art. 12(1)-(7) |
MRF-283 | AI system post-incident learning and training execution | Art. 13(2)-(6) |
MRF-284 | AI system crisis communication and disclosure execution | Art. 14(1)-(3), 19(3) |
MRF-285 | AI system incident logging and classification execution | Art. 17(1)-(3), 18(1)-(4) |
MRF-286 | AI system staged major incident reporting execution | Art. 19(1)-(5), 20, 23 |
Execution checkpoints
- critical service and dependency inventories are current and reviewable
- anomaly thresholds and escalation paths are documented and tested
- continuity and restoration evidence includes test frequency and outcomes
- major-incident classification and staging logic is reproducible
Related pages
Applicability and governance
Scope, accountability, and resilience-strategy governance
Testing and third-party risk
TLPT and ICT third-party execution model
Operationalizing in Modulos
Practical implementation sequence for OFF-16 and MFF-16
Disclaimer
This page is for general informational purposes and does not constitute legal advice.