DORA
ICT Risk Management, Simplified.
The Digital Operational Resilience Act (DORA) applies to financial entities across the EU, requiring a comprehensive ICT risk management framework including structured vulnerability management. Centraleyezer covers the key requirements out of the box.
How Centraleyezer covers DORA
Centraleyezer maps directly to the technical requirements — with built-in evidence collection so audits are fast.
ICT risk management — vulnerability scanning
Centraleyezer continuously ingests vulnerability data from your ICT infrastructure, applies risk-based prioritisation, and maintains a live risk register — fulfilling DORA's requirement for ongoing ICT vulnerability identification.
Detection and response — timely patching
SLA-driven remediation workflows enforce patching timelines, with automated escalation when SLAs are at risk. Every remediation action is logged with timestamps for DORA evidence.
Backup and recovery — resilience of ICT systems
Asset criticality scoring identifies which systems are mission-critical, ensuring vulnerabilities in those assets receive the highest remediation priority.
ICT-related incident management — root cause
When incidents occur, Centraleyezer's full vulnerability history and remediation audit trail help link incidents back to known vulnerabilities, supporting DORA root cause documentation.
Digital operational resilience testing
Centraleyezer tracks vulnerabilities discovered through penetration tests and threat-led exercises, integrating their findings into the main risk-based remediation queue.
Read more
- DORA ICT-risk vulnerability management — full guide
Articles 8, 9, 10 and 25 with patch SLA expectations and TLPT scoping notes.
- CVSS scores aren't enough for prioritisation
Why supervisors will not accept CVSS-only triage as a 'risk-based' approach.