ict-risk
Safeguard articles tagged "ict-risk" — guides, analysis, and best practices for software supply chain and application security.
5 articles
DORA regulation deep dive: ICT risk, testing, and third-party rules
The Digital Operational Resilience Act applies to EU financial entities and their ICT providers. Here are the five pillars, the register of information, and what your software supply chain now has to withstand.
DORA Financial Services Supply Chain Obligations in 2026
The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.
DORA Compliance for Fintech Engineering Teams
DORA has applied since January 2025. For engineers that means ICT asset inventories, 4-hour incident classification, TLPT, and a register of every software supplier.
DORA Third-Party ICT Risk for Financial Services 2026
A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.
DORA Operational Resilience: Software Implications
DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.