+DORA in Control Framework
---+Governance and Risk Management
------+Risk Assessments
---------+Risk Assessment
---------+Major change risk assessment
---------+Legacy Systems risk assessment
------+(Internal) ICT Audit
---------+Audit approach and frequency
---------+Auditor requirements
---------+Audit findings
---------+Reliance Third-Party Assurance and Certifications
------+Management Responsibilities
---------+Governance of ICT risk
---------+Knowledge of the Management Body
---------+Digital Operational Resilience Strategy
---------+Business Continuity Oversight
---------+Audit Plan Approval and Review
------+Risk Management Framework
---------+Critical and Important Functions
---------+Clear Segregation of Duties (SoD)
---------+ICT Risk management framework
---------+Annual Framework Review and Audit Process
---------+Third-Party (Multi-vendor) Risk Management Program
---------+Protection Measures
---+Operational Management
------+Asset Management
---------+Resilient Systems
---------+Inventory Management
---------+Asset Classification and Documentation
------+Change Management
---------+Change Procedures
---------+Security Requirements
---------+Emergency Change Management
---------+OTAP Implementation
------+ICT Operations
---------+Error Handling and Recovery
---------+ICT Monitoring
---------+Clock Synchronization Standardization
---------+System Management and Security
---+Continuity Management
------+Backup Management
---------+Backup Policy
---------+Restore Procedures
------+Response and Recovery
---------+Business Continuity Policy
---------+Crisis Management
---------+Record Keeping
---------+Business Impact Analysis
---------+Response and Recovery
---------+Testing and Assessment
---+Incident Management
------+Incident Classification
---------+Incident Classification Criteria
---------+Cyber Threat Classification Criteria and Information Exchange
------+Incident Management
---------+Incident Management Process
---------+Incident Tracking
---------+Incident Communication and Reporting
---+Software and Systems Development
------+Acquisition, Development, and Maintenance
---------+Policy Framework
---------+Environment Risk Mitigation Measures
---------+Systems Testing Procedures
---------+Source Code Reviews
------+Project Management
---------+ICT Project Management Practices
---------+Project Risk Management
---+Third-party Risk Management
------+Third-party Due Diligence and Selection
---------+Suitability Criteria
---------+Selection Criteria
------+Third-party (Standard) Contract Management
---------+Termination Rights and Conditions
---------+Service Level Management
---------+Service Locations and Data Processing
---------+Cooperation in Incident Response
---------+Participation in Security Awareness Programs
------+Third-party (Critical) Contract Management
---------+(Critical) Service Level Management
---------+Contractual Clauses
---------+Third-party Critical Subcontracting Management
------+Third-party Risk Management
---------+Third-party Risk Management
---------+Pre-Contract Risk Assessment
---------+Register of Information
---------+Contractual Requisites
---------+Exit Strategies
---------+Annual Reporting of New Arrangements
------+Subcontracting Management
---------+Third-Party Subcontractor Due Diligence
---------+Subcontracting Risk Management
---------+Subcontracting Monitoring
---+Resilience Testing
------+Digital Operational Resilience Testing
---------+Resilience Testing Program
---------+Diverse Testing Modalities
------+Threat-led Penetration Testing (TLPT)
---------+Outsourced System Testing
---------+Selection of TLPT Testers
---------+Periodic TLPT Testing
---+Security Management
------+Architectural and Network Security
---------+Network Design and Segmentation
---------+Network Security
---------+Session Management
------+Security Monitoring & Log Management
---------+Security Monitoring (SIEM)
---------+Event Identification for Logging
---------+Secure Handling of Log Data
------+Data and (Legacy) System Security
---------+ICT (Security) Systems, Tools, and Solutions
---------+Data Protection Practices
---------+Vendor Recommended Security Settings
---------+Endpoint Devices
---------+Secure Data Deletion and Disposal
------+Encryption and Cryptography
---------+Data Encryption
---------+Cryptographic Key Management and Lifecycle
------+Identity and Access Management
---------+Authentication Methods
---------+Identity Management
---------+Privileged Access Management
---------+Account Management
------+Physical and Environmental Security
---------+Physical and Environmental Security
------+Security Awareness
---------+Resilience Training Programs
---------+Inclusion of Third-Party Providers
------+Vulnerability and Patch Management
---------+Resource Management
---------+Vulnerability Management
---------+Patch Management

1. Overview

DORA in Control Framework https://www.norea.nl/dora

1.1 References

1.2 Identified Requirements

1.3 Related Regulations

2. Identified Requirements

Requirements
Source | Requirement

3. Related Regulations

Regulations
Source | Regulation