James Ross

DORA Pillar 2: ICT Incident Reporting - Your Resilience Roadmap


In the second part of this 4-part series of blogs, we will be delving into DORA pillar 2. The risk of Information and Communication Technology (ICT) disruptions becomes more prevalent as the financial world becomes increasingly digital. The European Union's Digital Operational Resilience Act (DORA) aims to strengthen the resilience of financial entities against these threats. Pillar 2 is at the core of this effort and focuses on ICT Incident-Related Reporting. We will explore the significance of this pillar and how your firm can effectively meet its requirements.



Core Objectives of Pillar 2


Pillar 2 is multifaceted, encompassing several key goals:


  • Incident Response and Recovery: Having comprehensive plans to minimise the impact of incidents on operations.

  • Data Backup and Restoration: Ensuring swift and effective ICT systems and data recovery.

  • Continuous Learning and Evolution: This pillar fosters a culture of ongoing improvement in digital operational resilience, empowering your firm to stay ahead of evolving threats and disruptions.

  • Communication Strategies: Establishing clear protocols for disclosing and communicating incidents and vulnerabilities.


Why Pillar 2 Matters


Pillar 2 isn't just about compliance – it's about fortifying your firm against the potential chaos caused by cyberattacks, system failures, or other technological incidents. By focusing on the following, you're proactively safeguarding your operations and reputation:


  • Swift Response and Recovery: Minimising downtime and impact on customers.

  • Data Protection: Safeguarding critical information through effective backup and restoration procedures.

  • Continuous Improvement: Learning from every incident to strengthen your ICT infrastructure.

  • Transparent Communication: Building trust with stakeholders through responsible disclosure and clear communication during a crisis.


Deconstructing DORA's Pillar 2


  • Article 11: Response & Recovery: Requires comprehensive plans for incident detection, containment, business continuity, communication, and crisis management.

  • Article 12: Backup & Restoration: Mandates clear procedures for data backup and system restoration, including defined recovery time and recovery point objectives (RTOs/RPOs).

  • Article 13: Learning & Evolving: Emphasises continuous monitoring, post-incident analysis, incorporating lessons learned, and adapting strategies.

  • Article 14: Communication: Requires responsible disclosure plans, clear internal and external communication policies, and a designated communication lead.

  • Article 17: Incident Management Process: Mandates a formal process for recording, categorising, prioritising, and responding to incidents.

  • Article 18: Incident & Threat Classification: Defines criteria for classifying incidents and cyber threats to determine the appropriate response and reporting actions.

  • Article 19: Reporting of Major ICT-Related Incidents: Requires reporting major incidents to competent authorities, informing clients, and outlines the specific reporting requirements.


6-Month Implementation Plan for DORA Compliance (Pillar 2)


A phased approach can make DORA compliance more manageable:


  1. Month 1: Gap Analysis and Planning – Assess current practices against DORA requirements and create a detailed implementation plan.

  2. Month 2: Incident Response and Business Continuity Planning – Develop or update policies, prioritise critical functions, and establish backup/recovery procedures.

  3. Month 3: Incident Detection and Classification – Implement detection mechanisms, define classification criteria, and create cyber threat assessment criteria.

  4. Month 4: Reporting Procedures and Communication – Establish reporting procedures, create crisis communication plans, and designate a communication lead.

  5. Month 5: Training and Testing – Train staff on incident management, conduct response exercises, and review the Business Impact Analysis (BIA).

  6. Month 6: Review, Refinement, and Continuous Improvement – Assess implementation progress, refine processes, and establish continuous monitoring and improvement mechanisms.


Key Takeaways


  • DORA Pillar 2 is essential for building resilience in the face of ICT disruptions.

  • Compliance requires a thorough understanding of the relevant DORA articles.

  • A structured implementation plan can make the process manageable.

  • Continuous learning and improvement are vital for staying ahead of evolving threats.


Part 3 of this blog series will look at Digital Operational Resilience Testing.



