Incident Management
The value of a proper incident management process should not be underestimated. After all, the ability to identify incidents on time, address them promptly and learn how to avoid them in the future saves money. A lot of money!
Ransomware comes to mind as an example: malicious attackers use system misconfiguration, a lack of patch management and people's mistakes to significantly impact any modern organisation.
DORA Incident management requirements
DORA specifies several requirements to include in incident management processes:
- Identify incidents using early warning indicators
- Establish procedures to identify, categorise and classify incidents, with priority aligned to service severity
- Define monitoring and escalation procedures
- Assign roles and responsibilities to be activated for different incident types and scenarios
- Have relevant communication plans in place
Financial entity obligations
A financial entity must ensure that:
- incidents are reported to the appropriate management level
- incident trends are analysed
- root cause analysis of the incident is performed
- appropriate remedial action is taken
Asset management and ICT risk
DORA also defines several criteria which require an organisation to have adequate asset management processes linked with company-wide ICT risk management.
Asset management, ideally a single source of truth for the whole organisation, should include detailed documentation of asset identification, criticality criteria, dependencies and owners, among others. The process should cover any third-party suppliers and associated service providers.
The asset owner's responsibilities range from ensuring that the asset is correctly classified to the day-to-day maintenance of the identified controls: access controls should be defined and periodically reviewed, and vulnerabilities should be identified and patched promptly.
We help assess the current processes, improve them where necessary and test them to ensure they actually work.