Canonical FrameworkCompliance & Audit

DORA

DORA control-mapping starter for EU financial entities managing critical ICT services. It references ICT risk, incident, continuity, resilience-testing, and third-party oversight duties, with configurable gateway controls or evidence fields where applicable.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

EU

References

3 references

Mapped Control Domains

6 mapped domains

Deployment

Regulated SaaS, Financial (Cache Disabled), Sovereign Region

Referenced Frameworks, Standards & Obligations

EU Regulation 2022/2554 (DORA — Digital Operational Resilience Act)Commission Delegated Regulation (EU) 2024/1774 (DORA ICT risk management RTS)DORA delegated and implementing acts (Joint ESA RTS/ITS)

Mapped Control Domains

ICT Risk Management
Incident Response
Resilience Testing
Third Party Oversight
Business Continuity
Digital Testing

Deployment profiles

Regulated SaaS
Financial (Cache Disabled)
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.