Supplier criticality, recovery objectives, dependency maps and incident playbooks live in-platform - so when the regulator clock starts, the evidence pack is already assembled.
The DORA major-ICT-incident reporting window. Most resilience evidence is reconstructed from email threads during the incident - by the time the regulator deadline hits, the report is incomplete. In-platform, the pack auto-assembles inside the window.
Major incident at a supplier. The 72-hour clock starts. Risk, legal and ops teams scramble. Evidence reconstructed from inboxes. Regulator deadline missed. Penalty assessed.
Supplier criticality, recovery objectives, dependency maps and incident playbooks all live in-platform. When the clock starts, 90% of the evidence pack is already assembled.
ICT third-party register with all 19 DORA RTS fields, pre-mapped.
Sector obligations + critical-supplier flagging per Annex I + II.
Major-incident report auto-assembled within the regulator window.
RTO / RPO / MTPD per supplier, tested and timestamped with evidence.
GDPR + DPA + NIS + DORA references on every record. No silos.
Continuous monitoring + drill cadence + auto-evidence.
72-hour incident pack + escalation runbooks + regulator templates.
Lessons-learned + remediation tracking + regulator follow-up.
We’ll map your top-five ICT third parties against DORA RTS requirements.