DORA
ICT Risk Management
Digital operational resilience evidence
What the regulation requires
The Digital Operational Resilience Act requires financial institutions to maintain comprehensive ICT risk management frameworks. Obligations include ICT risk management documentation, incident reporting with timelines, digital operational resilience testing results, third-party ICT risk documentation, and business continuity management records.
How RADAR maps to it
ICT risk evidence collection
Continuous capture of ICT-related decisions across your agent infrastructure. Every tool call, API access, and system interaction is hashed and chained. Evidence covers the full operational surface — not just selected workflows.
Incident reporting logs
Structured violation events with timestamps, severity levels, and affected components. Forwarded to Splunk HEC and Syslog via CEF format. Webhook dispatcher with HMAC-SHA256 signing ensures integrity of incident notifications.
Third-party risk documentation
Every external API call is logged with provider, endpoint, data exchanged, and policy evaluation result. Framework-mapped exports show which DORA controls each third-party interaction satisfies or requires attention.
Business continuity evidence
Evidence chain survives deployment restarts, container recreation, and infrastructure changes. Hash chain remains verifiable across any interruption. Audit exports include continuity attestation — proof that evidence collection was uninterrupted.
What the evidence looks like
Auditor note
ICT risk framework evidence with framework-mapped export. Auditor verifies chain independently.
This is a production-verified capability — not a hypothetical. Every control mapping above corresponds to a feature shipped in RADAR v1.0. See the documentation.