# Digital Operational Resilience Act

Endpoint Central is a trusted solution for financial entities aiming to meet DORA's stringent requirements. With its robust capabilities in ICT risk and incident management, Endpoint Central not only ensures compliance but also enhances your organization’s digital resilience.

| Article | DORA Article - Summary | How Endpoint Central helps |
|---|---|---|
| 6 | **ICT Risk Management Framework**<br><br>**1. Purpose and Scope**<br>- Ensure quick, efficient, and comprehensive handling of ICT risks to achieve high digital operational resilience.<br>- Protect all information and ICT assets (e.g., software, hardware, data centers, premises) from risks like damage or unauthorized access.<br><br>**2. Key Components**<br>- Include strategies, policies, procedures, ICT protocols, and tools necessary for risk management and asset protection.<br>- Deploy measures to minimize ICT risk and provide updates on the framework to competent authorities when requested.<br><br>**3. Governance and Oversight**<br>- Assign ICT risk management responsibilities to a control function with adequate independence to avoid conflicts of interest.<br>- Segregate ICT risk management, control, and audit functions using the three lines of defense model or a similar internal risk management model.<br><br>**4. Documentation and Review**<br>- Document and review the framework at least annually, after major ICT incidents, or upon supervisory requests.<br>- Continuously improve the framework based on lessons learned and monitoring outcomes.<br>- Submit review reports to competent authorities when requested.<br><br>**5. Internal Audits**<br>- *Conduct regular internal audits on the framework, performed by skilled and independent auditors.*<br>- *Audit frequency and focus should align with the financial entity’s ICT risk level.*<br>- *Establish a formal process for verifying and addressing critical audit findings in a timely manner.*<br><br>**6. Digital Operational Resilience Strategy**<br>- The framework must include a strategy outlining how ICT risk will be addressed and specific objectives achieved, including:<br>  - Aligning ICT risk management with the entity’s business strategy.<br>  - Defining ICT risk tolerance and analyzing disruption impact tolerance.<br>  - Setting information security objectives with performance indicators and risk metrics.<br>  - Explaining ICT reference architecture and required changes.<br>  - Detailing mechanisms to detect, prevent, and protect against ICT-related incidents.<br>  - Assessing resilience through incident reporting and effectiveness of preventive measures.<br>  - Implementing operational resilience testing (as per Chapter IV of the Regulation).<br>  - Defining a communication strategy for reporting ICT-related incidents.<br><br>**7. Multi-Vendor Strategy**<br>- Financial entities may establish a multi-vendor strategy to show key dependencies on ICT third-party providers and justify their procurement choices.<br><br>**8. Outsourcing Compliance Tasks**<br>- Entities may outsource compliance verification tasks to intra-group or external providers but remain fully responsible for ensuring compliance with ICT risk management requirements. | Endpoint Central has comprehensive [reporting capability](https://www.manageengine.com/products/desktop-central/help/reports/desktop-central-reports.html). Apart from providing deep insights about endpoint estate, it can also be used for **governance and auditing purposes.** |
| 7 | **ICT Systems, Protocols, and Tools**<br><br>Financial entities must use and maintain updated ICT systems, protocols, and tools to manage ICT risks. These systems must be:<br><br>**1. Proportionate to Operations**<br>- Suitable for the scale and complexity of the entity’s activities, following the proportionality principle (Article 4).<br><br>**2. Reliable**<br>- Dependable for supporting operational and business needs.<br><br>**3. Sufficient Capacity**<br>- Capable of accurately processing necessary data.<br>- Able to handle peak transaction volumes and accommodate new technology.<br><br>**4. Technologically Resilient**<br>- Equipped to manage additional information processing requirements during stressed market conditions or adverse situations. | Endpoint Central uses FIPS 140-2 compliant algorithms. Users can enable FIPS mode to run their IT in a highly secure environment.<br><br>Endpoint Central's multi-tenant, [Summary Server architecture](https://www.manageengine.com/products/desktop-central/summary-server/architecture.html) helps you enroll/onboard more endpoints as your business grows. This architecture is also flexible for organizations with a global presence.<br><br>Endpoint Central has multiple third-party software [integrations](https://www.manageengine.com/products/desktop-central/integration.html) to blend into your organization's IT seamlessly. |
| 8 | **Identification**<br><br>As part of their ICT risk management framework, financial entities must implement the following measures to identify and manage ICT risks:<br><br>**1. ICT Asset and Function Identification**<br>- Identify, classify, and document all ICT-supported business functions, roles, responsibilities, and their supporting information and ICT assets, including dependencies related to ICT risks.<br>- Review and update classifications and documentation at least annually or as needed.<br><br>**2. Risk and Threat Identification**<br>- Continuously identify ICT risk sources, including risks from other financial entities.<br>- Assess cyber threats and vulnerabilities affecting ICT-supported business functions, information assets, and ICT assets.<br>- Regularly review and update risk scenarios, at least annually.<br><br>**3. Risk Assessment for Major Changes**<br>- Conduct risk assessments after major changes to network and information systems, processes, or procedures affecting ICT-supported business functions, information, or ICT assets.<br><br>**4. Critical ICT Asset Mapping**<br>- Identify and map all ICT and information assets, including remote sites, network resources, and hardware.<br>- Map configurations, interdependencies, and links between critical assets.<br><br>**5. Third-Party Dependency Identification**<br>- Document all processes dependent on ICT third-party service providers.<br>- Identify interconnections with providers supporting critical or important functions.<br><br>**6. Inventory Management**<br>- Maintain and periodically update inventories of ICT assets, including after major changes.<br><br>**7. Legacy ICT System Assessment**<br>- Conduct specific ICT risk assessments on legacy systems at least annually and before and after connecting them with new technologies, applications, or systems. | Endpoint Central uses its agents to fetch complete inventory details across your IT environment.<br><br>It provides comprehensive vulnerability management with constant assessment and visibility of threats from a single console.<br><br>Apart from vulnerability assessment, it also provides built-in remediation of detected vulnerabilities.<br><br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT.<br><br>Admins can configure [Inventory Alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) for unauthorized changes in the IT network.<br><br>Endpoint Central can help admins track [high-risk software](https://www.manageengine.com/vulnerability-management/high-risk-software-audit.html) such as outdated software, peer-to-peer software, and insecure remote-sharing software.<br><br>The [Custom Group](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/creating_custom_groups.html) feature enables logical segregation of critical systems for effective management.<br><br>With Network Access Control, admins can quarantine End-of-Life OS systems. |
| 9 | **Protection and Prevention**<br><br>Financial entities must implement measures to continuously monitor, control, and minimize ICT risks to ensure the security, resilience, and availability of ICT systems and data. These measures include:<br><br>**1. ICT System Monitoring and Control**<br>- Continuously monitor and control the security and functioning of ICT systems and tools.<br>- Minimize ICT risks using appropriate security tools, policies, and procedures.<br><br>**2. ICT Security Policies and Tools**<br>- Develop and implement policies, procedures, protocols, and tools to:<br>  - Ensure resilience, continuity, and availability of ICT systems supporting critical functions.<br>  - Maintain high standards for data availability, authenticity, integrity, and confidentiality (at rest, in use, or in transit).<br><br>**3. ICT Solutions and Processes**<br>- Use solutions and processes aligned with proportionality (Article 4) to:<br>  - Secure data transfers.<br>  - Minimize risks of data corruption, loss, unauthorized access, or technical flaws.<br>  - Prevent breaches of availability, authenticity, integrity, and confidentiality.<br>  - Protect data from risks related to poor administration, processing errors, and human mistakes.<br><br>**4. Key Components of ICT Risk Management Framework**<br>- **Information Security Policy:** Define rules to protect data and ICT assets, including customer data.<br>- **Network and Infrastructure Management:**<br>  - Use automated mechanisms to isolate assets during cyber-attacks.<br>  - Design networks to allow instant severing or segmentation to minimize contagion.<br>- Access Control Policies: Restrict access to ICT and information assets to legitimate activities.<br>- Strong Authentication:<br>  - Implement strong authentication based on relevant standards.<br>  - Protect cryptographic keys and ensure encryption based on approved classification and risk assessment.<br>- **ICT Change Management:**<br>  - Establish risk-based policies for managing ICT changes.<br>  - Ensure changes are documented, tested, approved, and implemented in a controlled manner.<br>  - Have specific protocols approved by appropriate management lines.<br>- Patch and Update Policies: Develop comprehensive, documented patch and update policies. | Endpoint Central offers endpoint security features such as Endpoint DLP, Browser Security, risk-based vulnerability and patch management, Next-Gen Antivirus, anti-ransomware, and mobile security capabilities.<br><br>It provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS, and patches 1,000+ third-party applications, hardware drivers, and BIOS.<br><br>Users can enable [FIPS mode](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/fips-compliance.html) for enhanced security.<br><br>Admins can encrypt Windows devices using BitLocker Management and Mac devices using FileVault encryption.<br><br>Configure [Windows Firewall](https://www.manageengine.com/products/desktop-central/help/computer_configuration/configuring_windows_xp_firewall.html) for endpoints.<br><br>Perform a [port audit](https://www.manageengine.com/vulnerability-management/audit-ports-in-use.html) to reduce attack surface.<br><br>Enforce [threat protection configurations](https://www.manageengine.com/browser-security/help/threat-prevention-browser-configurations.html) and restrict [file downloads](https://www.manageengine.com/browser-security/download-restriction.html).<br><br>Harden web servers and fix [security misconfigurations](https://www.manageengine.com/vulnerability-management/misconfiguration).<br><br>Leverage [endpoint privilege management](https://www.manageengine.com/application-control/endpoint-privilege-management.html) and enforce [conditional access policies](https://www.manageengine.com/mobile-device-management/help/profile_management/mdm_conditional_access.html). |
| 10 | **Detection**<br><br>Financial entities must implement mechanisms to promptly detect anomalous activities, ICT network performance issues, and ICT-related incidents.<br><br>**1. Detection Mechanisms**<br>- Establish mechanisms to identify anomalies, potential single points of failure, and ICT-related incidents.<br>- Regularly test these mechanisms as per Article 25.<br><br>**2. Multi-Layered Controls**<br>- Enable multiple layers of control.<br>- Define alert thresholds and criteria to trigger incident response processes.<br>- Include automated alert mechanisms for response staff.<br><br>**3. Monitoring Resources**<br>- Allocate sufficient resources to monitor user activity, ICT anomalies, and cyber-attacks.<br><br>**4. Data Reporting Service Providers**<br>- Verify completeness of trade reports.<br>- Identify omissions or errors and request re-transmission if required. | In case of a [malware attack](https://www.manageengine.com/products/desktop-central/nextgen-antivirus.html), Endpoint Central alerts SOC teams and enables safe quarantine.<br><br>It protects endpoints [against ransomware](https://www.manageengine.com/products/desktop-central/anti-ransomware.html) and provides instant, non-erasable backups every three hours using Microsoft Volume Shadow Copy Service.<br><br>Infected files can be restored from the most recent backup copy. |
| 11 | **Response and Recovery**<br><br>Includes ICT business continuity policies, implementation procedures, response and recovery plans, business impact analysis (BIA), testing, crisis management, record-keeping, and reporting obligations.<br><br>Entities must:<br>- Ensure continuity of critical functions.<br>- Activate containment and recovery measures.<br>- Conduct annual testing including cyber-attack scenarios.<br>- Maintain records and report major ICT incidents as required.<br>- Align with ESA guidelines for estimating losses. | Endpoint Central guards endpoints against ransomware and provides instant, non-erasable backups.<br><br>Endpoints exhibiting suspicious behavior can be quarantined and restored after forensic analysis.<br><br>Integrates with SIEM tools such as Rapid7, Splunk, and EventLog Analyzer. |
| 12 | **Backup Policies, Restoration, and Recovery Procedures**<br><br>Entities must establish backup policies, restoration methods, redundant ICT capacities, and secure secondary processing sites (where applicable).<br><br>They must define recovery time and recovery point objectives, perform data integrity checks, and test restoration procedures periodically. | Endpoint Central provides ransomware protection and non-erasable backups every three hours using Microsoft Volume Shadow Copy Service.<br><br>Supports endpoint quarantine and secure restoration processes. |
| 15 | **Further Harmonisation of ICT Risk Management Tools, Methods, Processes, and Policies**<br><br>ESAs will develop Regulatory Technical Standards (RTS) to strengthen ICT security policies, access controls, anomaly detection, business continuity testing, and reporting standards.<br><br>Draft RTS to be submitted to the European Commission by 17 January 2024. | Endpoint Central helps organizations comply with *RTS (Regulatory Technical Standards) on ICT risk management tools, methods, processes, and policies*.<br><br>Provides ransomware protection, FIPS 140-2 compliant algorithms, encryption support, endpoint privilege management, and [conditional access policies](https://www.manageengine.com/mobile-device-management/help/profile_management/mdm_conditional_access.html). |
| 16 | **Simplified ICT Risk Management Framework**<br><br>Applicable to certain small or exempted entities.<br><br>Requires documented ICT risk frameworks, continuous monitoring, resilience measures, incident handling, third-party dependency identification, business continuity planning, testing, review, and reporting.<br><br>ESAs to develop RTS specifying additional elements and testing rules. | Endpoint Central supports compliance with RTS and the simplified ICT risk management framework, including Articles 30 to 38 of the RTS. |
| 17 | **ICT-Related Incident Management Process**<br><br>Entities must define processes to monitor, classify, log, and respond to ICT-related incidents.<br><br>Key elements include:<br>- Early warning indicators.<br>- Incident classification aligned with Article 18(1).<br>- Defined roles and responsibilities.<br>- Communication plans for stakeholders and authorities.<br>- Senior management reporting.<br>- Response procedures to mitigate impacts and restore services securely. | In case of a suspicious event, the following details are sent to the Network Administrator/SOC team:<br><br>**Attack Details:**<br>- Detection Time<br>- Reported Time<br>- Attack Status<br>- Agent Action<br>- Attack Criticality (Low/Medium/High)<br>- Detection Source (Behaviour Engine)<br>- Image Path<br>- Process Name<br>- SHA256<br>- Command<br><br>**Endpoint Details:**<br>- Endpoint Name<br>- Domain Name<br>- Endpoint Status<br>- Endpoint Version<br>- Activated Time<br>- Last Contact Time |