Digital Operational Resilience Act (DORA)
Requirement

Article 14: Communication

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

1. As part of the ICT risk management framework referred to in Article 6(1), financial entities shall have in place crisis communication plans enabling a responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts as well as to the public, as appropriate.
2. As part of the ICT risk management framework, financial entities shall implement communication policies for internal staff and for external stakeholders. Communication policies for staff shall take into account the need to differentiate between staff involved in ICT risk management, in particular the staff responsible for response and recovery, and staff that needs to be informed.
3. At least one person in the financial entity shall be tasked with implementing the communication strategy for ICTrelated incidents and fulfil the public and media function for that purpose

Fulfill this requirement by completing the tasks below ->
Digital Operational Resilience Act (DORA)
Article 14: Communication
This requirement is part of the framework:  
Digital Operational Resilience Act (DORA)

Other requirements of the framework

23277
Article 13: Learning and evolving
23276
Article 12: Backup policies and procedures, restoration and recovery procedures and methods
23278
Article 14: Communication
23282
Article 17: ICT-related incident management process
23283
Article 18: Classification of ICT-related incidents and cyber threats
Best practices
How to implement:
Article 14: Communication

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

1. As part of the ICT risk management framework referred to in Article 6(1), financial entities shall have in place crisis communication plans enabling a responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts as well as to the public, as appropriate.
2. As part of the ICT risk management framework, financial entities shall implement communication policies for internal staff and for external stakeholders. Communication policies for staff shall take into account the need to differentiate between staff involved in ICT risk management, in particular the staff responsible for response and recovery, and staff that needs to be informed.
3. At least one person in the financial entity shall be tasked with implementing the communication strategy for ICTrelated incidents and fulfil the public and media function for that purpose

Read below what concrete actions you can take to improve this ->
Article 14: Communication
Frameworks that include requirements for this topic:
No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Article 14: Communication
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Article 14: Communication
of the framework  
Digital Operational Resilience Act (DORA)
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Reporting personal data breaches to authorities / data subjects
Critical
High
Normal
Low
21
requirements
Incident management
Data breach management

Reporting personal data breaches to authorities / data subjects

This task helps you comply with the following requirements

33. Notification of a personal data breach to the supervisory authorityGDPR
34. Communication of a personal data breach to the data subjectGDPR
16.1.5: Response to information security incidentsISO 27001
6.1.3: Contact with authoritiesISO 27001
A.10.1: Notification of a data breach involving PIIISO 27018
RS.CO-2: Incident reportingNIST
RS.CO-3: Information sharingNIST
TSU-14: TietoturvaloukkauksetJulkri
5.5: Contact with authoritiesISO 27001
66: Tietoturvaloukkausten hallintaDigiturvan kokonaiskuvapalvelu
Communication plan for information security management system
Critical
High
Normal
Low
16
requirements
Risk management and leadership
Cyber security management

Communication plan for information security management system

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
2.10.1: Include security in the organisation’s change management processNSM ICT-SP
RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 14: CommunicationDORA
RC.CO-2: ReputationNIST
20.1: Top management commitmentNIS2
CC2.3: Communication with external partiesSOC 2
Communication in accordance with the incident response plan in the event of a incident
Critical
High
Normal
Low
16
requirements
Risk management and leadership
Continuity management

Communication in accordance with the incident response plan in the event of a incident

This task helps you comply with the following requirements

RS.CO-3: Information sharingNIST
32: Viestintäsuunnitelma häiriö- ja kriisitilanteisiinDigiturvan kokonaiskuvapalvelu
RESPONSE-3: Respond to Cybersecurity IncidentsC2M2
Article 14: CommunicationDORA
Article 17: ICT-related incident management processDORA
RS.RP-1: Response plan is executed during or after an incident.CyberFundamentals
RS.CO-3: Information is shared consistent with response plans.CyberFundamentals
RS.CO-4: Coordination with stakeholders occurs consistent with response plans.CyberFundamentals
RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.CyberFundamentals
4.2.3: Inform relevant stakeholdersNSM ICT-SP
Communicating recovery measures to stakeholders
Critical
High
Normal
Low
6
requirements
Risk management and leadership
Continuity management

Communicating recovery measures to stakeholders

This task helps you comply with the following requirements

RC.CO-3: Recovery actionsNIST
Article 14: CommunicationDORA
RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teamsCyberFundamentals
4.2.3: Inform relevant stakeholdersNSM ICT-SP
RC.CO-03: Recovery activities and progress communication to stakeholdersNIST 2.0
Article 39: Components of the ICT business continuity planDORA simplified RMF
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security