Governance and Oversight Policy

This Governance and Oversight Policy establishes a framework for accountability, transparency, and compliance with the Digital Operational Resilience Act (DORA). It ensures that roles, responsibilities, and decision-making structures are clearly defined to support operational resilience, ICT risk management, and regulatory compliance objectives. 

• Governance Structure: Defines a hierarchy, including the Board of Directors, Executive Management, and the Digital Operational Resilience Officer (DORO), to oversee ICT operations and resilience.
• Roles and Responsibilities: Outlines specific duties for governance bodies, including risk assessments, compliance monitoring, and decision-making for ICT-related changes.
• Risk and Third-Party Oversight: Integrates ICT risk management with enterprise strategies and establishes oversight for third-party vendors to ensure alignment with resilience standards.
• Audit and Reporting: Implements periodic audits and reporting mechanisms to ensure transparency and compliance with regulatory expectations.

This policy provides a foundation for strategic governance and operational oversight, aligning with DORA’s requirements to support the organization’s resilience and security objectives.