+Governance and Risk Management
---+Risk Asessments
------+Risk Assessment
------+Major change risk assessment
------+Legacy Systems risk assessment
---+(Internal) ICT Audit
------+Audit approach and frequency
------+Auditor requirements
------+Audit findings
------+Reliance Third-Party Assurance and Certifications
---+Management Responsibilities
------+Governance of ICT risk
------+Knowledge of the Management Body
------+Digital Operational Resilience Strategy
------+Business Continuity Oversight
------+Audit Plan Approval and Review
---+Risk Management Framework
------+Critical and Important Functions
------+Clear Segregation of Duties (SoD)
------+ICT Risk management framework
------+Annual Framework Review and Audit Process
------+Third-Party (Multi-vendor) Risk Management Program
------+Protection Measures

1. Overview

Governance and Risk Management

Summary	Standard
Risk Asessments
(Internal) ICT Audit
Management Responsibilities
Risk Management Framework

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

NOREA -
Copyright by NOREA, de beroepsorganisatie van IT-auditors

DORA in Control Framework

Impressum