Cross-Reference Tool
Cross-Framework Mapping
See how DORA requirements map to ISO 22301, NIS2, and ISO 27001. Leverage existing compliance work and identify where frameworks overlap, complement, or extend each other.
ISO 22301
International standard for business continuity management. Provides a framework for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a BCM system.
NIS2
EU directive on measures for a high common level of cybersecurity. Establishes cybersecurity risk management and reporting obligations for essential and important entities across critical sectors.
ISO 27001
International standard for information security management systems. Specifies requirements for establishing, implementing, maintaining and continually improving an ISMS within the context of the organization.
EBA ICT Guidelines
EBA guidelines that preceded DORA for ICT risk management in banking. Establish expectations for credit institutions and investment firms on ICT governance, risk management, security, and outsourcing oversight.
TIBER-EU
ECB framework for conducting threat-led penetration testing of critical financial infrastructure. Provides the methodology for TLPT as referenced in DORA Article 26.
PCI DSS v4.0
Global security standard for organizations handling payment card data. Mandates technical and operational controls for cardholder data protection, relevant to financial entities processing card transactions.
EU AI Act
EU regulation establishing harmonised rules on artificial intelligence. Classifies AI systems by risk level and imposes requirements on high-risk AI used in credit scoring, insurance, and financial services.
GDPR
EU regulation on data protection and privacy. Establishes requirements for processing personal data, breach notification, and data protection impact assessments directly relevant to ICT risk management.
EBA Outsourcing
EBA guidelines establishing expectations for outsourcing arrangements by financial institutions. Cover governance, risk assessment, due diligence, contractual requirements, and monitoring of outsourcing, including cloud services.
25 DORA articles · 80 cross-references