Operational resilience

Operational resilience is defined as the ability of an institution to deliver critical operations through disruption. This builds on the prudential operational risk framework, encompassing internal governance, outsourcing, business continuity and relevant risk management-related aspects. Such ability enables an institution to identify and protect itself from threats and potential failures, respond and adapt to, as well as recover and learn from disruptive events in order to minimise their impact on the delivery of critical operations through disruption. EU legislation on digital operational resilience for the financial sector (DORA) sets targeted rules for institutions on ICT risk-management capabilities, incident reporting, digital operational resilience testing and ICT third-party risk monitoring. The ESAs are delivering a number of policy products, in the areas of ICT risk management, major ICT-related incident reporting, testing, monitoring of ICT third-party risk, aiming to ensure the consistent harmonisation of the DORA requirements. 

Technical Standards, Guidelines & Recommendations

Technical standards

Opinions, Reports and other Publications


There is no matching document.