DORA, ISO, NIST, etc.

Guides related to Compliance

  • Episodes: 3
  • Duration: 18m 2s
  • Languages: EN
Episode 1

DORA Compliance

How eramba helps you be compliant with DORA

In this guide, we will examine how eramba facilitates compliance with DORA. We will review each requirement and highlight the modules and functionality within eramba that address it.

Some DORA requirements are expected to be fulfilled by member state agencies rather than end organisations; those items have not been considered in this document. We have also excluded requirements that are for the most part technical, such as the need for backups.

Section 2. Article 6. Req 2-4,8,9

  • Use our public GRC templates at www.eramba.org to access already-written Risk Policies that you can leverage for your organisation.

Section 2. Article 6. Req 5

  • After you create your Policies in eramba, you will use the Review functionality to make sure your policies are reviewed every year.
  • We recommend you create reports in eramba that automatically send weekly notifications to you.

Section 2. Article 6. Req 6

Section 2. Article 6. Req 7

Section 2. Article 8. Req 1

  • You will use eramba's Business Unit, Asset, and Process modules to document these items and their responsible owners.
  • In the Asset module you will most likely define a criticality classification.
  • In the Asset module you will use the built-in Review functionality to make sure these assets are reviewed every year; you will of course use notifications and reports to make sure you don't miss them.

Section 2. Article 8. Req 2

  • You will use the Asset Risk Management module in eramba to identify, classify, etc. your Risks.
  • In the Risk module you will use the built-in Review functionality to make sure these assets are reviewed every year; you will of course use notifications and reports to make sure you don't miss them.

Section 2. Article 8. Req 3, Section 2. Article 8. Req 6-7

  • You could set a notification for when an Asset, Process, etc. is created or modified, because that could be the trigger for a new Risk Assessment.

Section 2. Article 8. Req 4

  • As explained before, the Asset module is the place for documenting all your assets.

Section 2. Article 8. Req 5

  • You will have to define your Processes in the BU module and then link them to your Third Parties in the Third Party module.
  • This will later help you send Questionnaires to these suppliers to facilitate the task of identifying Risks around them.

Section 2. Article 9. Req 1

  • You will use eramba's audit capabilities for internal controls, with built-in notifications, to ensure no system is left untested.

Section 2. Article 9. Req 2, 4a, 4c, 4d, 4e, 4f

  • Use our public GRC templates at www.eramba.org to access already-written Policies that you can leverage for your organisation.

Section 2. Article 11. Req 1-2

  • Use our public GRC templates at www.eramba.org to access already-written Business Continuity Policies that you can leverage for your organisation.
  • You can also leverage the Business Continuity module in eramba, which lets you document your continuity plans and regularly audit them.

Section 2. Article 11. Req 3-4,6,9

Section 2. Article 11. Req 5

Section 2. Article 12. Req 1

  • Use our public GRC templates at www.eramba.org to access already-written Policies that you can leverage for your organisation.

Section 2. Article 13. Req 2-3

  • The Incident module in eramba could help document incidents and their mandatory analysis stages, one of which could be "Lessons Learned".

Section 2. Article 13. Req 6

Section 2. Article 17. Req 1

  • Use our public GRC templates at www.eramba.org to access already-written Policies that you can leverage for your organisation.

Section 2. Article 17. Req 2

  • The Incident module in eramba could help document incidents and their mandatory analysis stages, one of which could be "Lessons Learned".

Section 2. Article 18. Req 1

Section 2. Article 28. Req 1,2

Section 2. Article 28. Req 4

Section 2. Article 29. Req 1

Section 2. Article 30. Req 2-3

  • Use our public GRC templates at www.eramba.org to access already-written Policies that you can leverage for your organisation.