DORA

ICT Risk Management

Digital operational resilience evidence

What the regulation requires

The Digital Operational Resilience Act requires financial institutions to maintain comprehensive ICT risk management frameworks. Obligations include ICT risk management documentation, incident reporting with timelines, digital operational resilience testing results, third-party ICT risk documentation, and business continuity management records.

How RADAR maps to it

ICT risk evidence collection

Continuous capture of ICT-related decisions across your agent infrastructure. Every tool call, API access, and system interaction is hashed and chained. Evidence covers the full operational surface — not just selected workflows.

Incident reporting logs

Structured violation events with timestamps, severity levels, and affected components. Forwarded to Splunk HEC and Syslog via CEF format. Webhook dispatcher with HMAC-SHA256 signing ensures integrity of incident notifications.

Third-party risk documentation

Every external API call is logged with provider, endpoint, data exchanged, and policy evaluation result. Framework-mapped exports show which DORA controls each third-party interaction satisfies or requires attention.

Business continuity evidence

Evidence chain survives deployment restarts, container recreation, and infrastructure changes. Hash chain remains verifiable across any interruption. Audit exports include continuity attestation — proof that evidence collection was uninterrupted.

What the evidence looks like

ICT RISK RECORD · DORA
Record: #0031 — api_call · payment-processor
Timestamp: 2026-06-09 14:22:09 UTC
Provider: Stripe API · Endpoint: /v1/charges
Policy: dora-ict-strict · Allow: payment-processor
Chain: 31/31 links intact · SHA-256 verified
Continuity: Uninterrupted · Deploy: Jun 1 · Uptime: 8d 14h

Auditor note

ICT risk framework evidence with framework-mapped export. Auditor verifies chain independently.
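What independent verification of a SHA-256 hash chain involves, as an added example that is not RADAR's code or export format: the record layout, field names, genesis value and sample events are assumptions constructed for illustration. It also shows why an auditor needs the head hash retained outside the log, since a chain with records dropped from the end still verifies on its own.

```python
import copy, hashlib, json

GENESIS = "0" * 64  # assumed anchor value for the first link

def link_hash(prev_hash, body):
    # Canonical JSON so identical content always hashes to identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + data).hexdigest()

def append(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    body = dict(event, seq=len(chain) + 1)
    chain.append({"body": body, "prev": prev, "hash": link_hash(prev, body)})

def verify(chain, expected_head=None):
    """Recompute every link from the genesis value; return (ok, detail)."""
    prev = GENESIS
    for pos, rec in enumerate(chain, start=1):
        if rec["body"].get("seq") != pos:
            return False, f"record missing or reordered at position {pos}"
        if rec["prev"] != prev:
            return False, f"link to previous record broken at {pos}"
        if link_hash(prev, rec["body"]) != rec["hash"]:
            return False, f"record {pos} altered after it was written"
        prev = rec["hash"]
    # Dropping records from the end leaves a valid shorter chain, so the
    # head hash must be compared with a copy retained outside the log.
    if expected_head is not None and prev != expected_head:
        return False, "head hash does not match the retained copy"
    return True, f"{len(chain)}/{len(chain)} links intact"

def sample_chain():
    # Constructed sample events, not real RADAR output.
    chain = []
    for endpoint in ("/v1/charges", "/v1/refunds", "/v1/charges"):
        append(chain, {"type": "api_call", "component": "payment-processor",
                       "endpoint": endpoint, "policy": "dora-ict-strict"})
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    head = chain[-1]["hash"]  # the auditor's separately retained head hash
    print(verify(chain, head))
    edited = copy.deepcopy(chain)
    edited[1]["body"]["endpoint"] = "/v1/payouts"  # in-place edit of record 2
    print(verify(edited, head))
    print(verify(chain[:2]), verify(chain[:2], head))  # truncated tail
```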

This is a production-verified capability — not a hypothetical. Every control mapping above corresponds to a feature shipped in RADAR v1.0. See the documentation.