← Library

1 Introduction 🔒 Praise for the book DORA COMPLIANCE & Audit Mastery 🔒 15 Key Recommendations for DORA Success 🔒 Disclaimers & Legal Notices 🔒 Trademark Disclaimer 🔒 Consulting Services 🔒 Part I - Orientation & Foundations (Why & How to Think About DORA) 🔒 Chapter 1: Why the EU Created DORA - The Systemic Risk Imperative 🔒 Chapter 2: Who Must Comply and the Consequences of Audit Failure 🔒 Chapter 3: The Legal Architecture: Regulation 2022/2554 + the Three RTS Explained 🔒 Chapter VI - Information-sharing arrangements 🔒 Chapter 4: Policies as the Backbone of Compliance - Introducing the P1-P53 Catalogue 🔒 Chapter 5: The PDCA Cycle + Evidence-First + PRACI Accountability Model 🔒 Chapter 6: Management Body & Board Accountability under DORA (Art. 5) 🔒 Chapter 7: The Three Lines of Defence Reimagined with PRACI 🔒 Chapter 8: Required Governance Bodies & Escalation Paths 🔒 Chapter 9: The DORA Operating Model - Decision & Evidence Flows 🔒 Chapter 10: Policy Governance Lifecycle 🔒 Chapter 11: ICT Risk Management & Resilience Strategy Policies (P1-P3) 🔒 Chapter 12: Security & Protection Controls (P4-P13, P43, P49, P52) 🔒 Chapter 13: Business Continuity & Recovery Policies (P14-P23, P53) 🔒 Chapter 14: Incident Detection, Classification & Reporting (P24-P27, P46) 🔒 Chapter 15: Change, Configuration & Secure Development (P8, P25, P30, P37, P43, P47) 🔒 Chapter 16: Third-Party ICT Risk & Cloud Governance (P32-P37, P39, P42, P50, P51) 🔒 Chapter 17: Architecture, Interdependency & Documentation (P20, P38, P45, P51, P53) 🔒 Chapter 18: GDPR-DORA Intersections & Conflict Resolution 🔒 Chapter 19: From Policy to Procedures, Playbooks & Runbooks 🔒 Chapter 20: Building the Central DORA Evidence Repository 🔒 Chapter 21: The DORA Logs Catalogue - Mandatory Fields & Retention 🔒 Chapter 22: Dependency Mapping & Recovery Sequencing Workshop 🔒 Chapter 23: Immutable Backups, Cyber Vaults & Clean-Room Recovery 🔒 Chapter 24: Operationalising Third-Party Providers - Evidence Flows & Contract Management 🔒 Chapter 25: Continuous Monitoring & Telemetry Requirements 🔒 Chapter 26: The Full DORA Testing Programme - From Basic Tests to TLPT 🔒 Chapter 27: How a Real DORA Supervisory Review is Conducted - Day-by-Day Playbook 🔒 Chapter 28: Master Audit Checklists by Policy Family 🔒 Chapter 29: Evidence Packages That Pass Audits - 12 Ready-to-Use Examples 🔒 Chapter 30: Your First DORA Audit - Everything You Must Prepare & Exactly How to Answer the Regulator’s Questions 🔒 Part VI - Continuous Improvement & Maturity (ACT) 🔒 Chapter 31: Post-Incident Reviews & Lessons-Learned Process 🔒 Chapter 32: The Multi-Year DORA Roadmap & Remediation Governance 🔒 Chapter 33: DORA Maturity Model (Level 1-5) + Self-Assessment Framework 🔒 Chapter 34: Embedding DORA into Culture, Training & Awareness 🔒 Part VII - Role-by-Role DORA Playbooks 🔒 Chapter 35: Board of Directors & Management Body Playbook 🔒 Chapter 36: Chief Information Officer (CIO) Playbook 🔒 Chapter 37: Chief Information Security Officer (CISO) Playbook 🔒 Chapter 38: Chief Risk Officer (CRO) / Risk Function Playbook 🔒 Chapter 39: Chief Technology Officer (CTO) / Chief Architect Playbook 🔒 Chapter 40: Chief Operations Officer (COO) / Head of IT Operations Playbook 🔒 Chapter 41: Data Protection Officer (DPO) & Legal/Compliance Playbook 🔒 Chapter 42: Head of Third-Party / Vendor Risk Management Playbook 🔒 Chapter 43: Head of Resilience & Business Continuity Playbook 🔒 Chapter 44: SOC / CSIRT Leader Playbook 🔒 Chapter 45: Internal Audit Lead Playbook 🔒 Chapter 46: Business Unit & Product Owners Playbook 🔒 Chapter 47: Master PRACI Matrix (53 × 18 roles) 🔒 Chapter 48: Interdependency & Recovery Sequencing Matrices 🔒 Chapter 49: Incident-to-Policy & Stakeholder Engagement Matrices 🔒 Chapter 50: Complete DORA Logs & Evidence Catalogue 🔒 Chapter 51: GDPR-DORA Cross-Mapping Tables 🔒 Chapter 52: All Audit Checklists (grouped) 🔒 Chapter 53: 12 Evidence Package Templates 🔒 Chapter 54: Policy, Procedure & Runbook Templates (text-based) 🔒 Chapter 55: Course Curriculum & Module Mapping 🔒 Chapter 56: What the Course Adds (tools, workshops, certification) 🔒 Part VIII - Complete Policy Reference Library (P1-P53) 🔒 Policy P1: ICT Risk Management Framework Policy 🔒 Policy P2: Digital Operational Resilience Strategy 🔒 Policy P3: ICT Risk Appetite & Tolerance Policy 🔒 Policy P4: Information Security Policy 🔒 Policy P5: Identity and Access Management Policy 🔒 Policy P6: Cryptographic Key Management Policy 🔒 Policy P7: Cryptographic Key & Secrets Management Policy 🔒 Policy P8: Change + Patch & Vulnerability Management Policy 🔒 Policy P9: Network Security & Segmentation Policy 🔒 Policy P10: Endpoint & Mobile Device Management Policy 🔒 Policy P11: SSL/TLS Certificate Management Policy 🔒 Policy P12: Secure Document Management Policy 🔒 Policy P13: ICT Security Monitoring & Detection Policy 🔒 Policy P14: ICT Business Continuity Policy 🔒 Policy P15: RTO/RPO Policy 🔒 Policy P16: ICT Response & Recovery Playbooks 🔒 Policy P17: Enterprise Backup & Recovery Policy 🔒 Policy P18: Ransomware Resilience & Immutable Back up 🔒 Policy P19: Data Consistency & Integrity Assurance Policy 🔒 Policy P20: Personal Data Breach Response Policy (GDPR + DORA) 🔒 Policy P21: Cyber Vault & Clean-Room Recovery Policy 🔒 Policy P22: Backup, Recovery & Resilience Testing Policy 🔒 Policy P23: Crisis Management & Communication Policy 🔒 Policy P24: ICT-Related Incident Management Process Policy 🔒 Policy P25: Incident & Cyber-Threat Classification Policy 🔒 Policy P26: Major ICT-Related Incident Reporting Policy 🔒 Policy P27: Post-Incident Review & Remediation Policy 🔒 Policy P28: Digital Operational Resilience Testing Programme Policy 🔒 Policy P29: Annual Penetration Testing Policy (non-TLPT) 🔒 Policy P30: Threat-Led Penetration Testing (TLPT) Policy 🔒 Policy P31: Tester Independence & Qualification Policy 🔒 Policy P32: ICT Third-Party Risk Strategy 🔒 Policy P33: Register of ICT Third-Party Arrangements & Ongoing Monitoring Policy 🔒 Policy P34: ICT Concentration Risk & Substitutability Assessment Policy 🔒 Policy P35: Standard Contractual Clauses & Contract Management Policy 🔒 Policy P36: Exit Strategy & Transition Policy 🔒 Policy P37: Third-Party Software & Open-Source Component Risk Policy (SBOM) 🔒 Policy P38: DORA Document Management & Record-Keeping Policy 🔒 Policy P39: Vendor Onboarding & Due Diligence Policy 🔒 Policy P40: ICT Security Awareness & Digital Resilience Training Policy 🔒 Policy P41: Cyber Threat Intelligence & Information-Sharing Policy 🔒 Policy P42: ICT Supply-Chain Security Policy 🔒 Policy P43: Secure Coding & Software Development Policy 🔒 Policy P44: DORA Policy on Policies 🔒 Policy P45: ICT Architecture & Dependency Mapping Policy 🔒 Policy P46: ICT Logging & Forensic Readiness Policy 🔒 Policy P47: Change Advisory Board (CAB) & Emergency Change Rules 🔒 Policy P48: Data Classification & Protection Policy 🔒 Policy P49: ICT Configuration Hardening Baseline Policy 🔒 Policy P50: Data Location, Sovereignty and Cloud Transparency Policy 🔒 Policy P51: ICT Documentation, Architecture Records, Inventories and Evidence Governance Policy 🔒 Policy P52: Physical Security Policy 🔒 Policy P53: Interdependency, Recovery Sequencing & Continuity Assurance Policy 🔒 Annexes 🔒 A3 - Glossary of Key DORA Terms An alphabetical glossary of essential DORA terminology, with simplified definitions, practical examples, and direct references to relevant articles or policies for rapid lookup. 🔒 A1 -DORA Visual Summary (laminate this) 🔒 A2 - PRACI Cheat Sheet (expanded with examples, pitfalls, and best practices 🔒 A4 - Expanded Maturity Self-Check (20 questions - score 1-5 each, with explanations & action tips) 🔒 Level 1: Initial 🔒 Level 2: Developing 🔒 Level 3: Established 🔒 Level 4: Advanced 🔒 Level 5: Optimized

📦 Amazon Print 🛒 Digital — €14.95

DORA COMPLIANCE & AUDIT MASTERY - › Part I - Orientation & Foundations (Why & How to Think About DORA)

Part I - Orientation & Foundations (Why & How to Think About DORA)