Digital Operational Resilience Act (DORA), Article 6, ICT systems, protocols and tools.
1. Financial entities shall use and maintain updated ICT systems, protocols and tools, which fulfil the following conditions:
(a) the systems and tools are appropriate to the nature, variety, complexity and magnitude of operations supporting the conduct of their activities;
(b) they are reliable;
(c) they have sufficient capacity to accurately process the data necessary for the performance of activities and the provision of services in time, and to deal with peak orders, message or transaction volumes, as needed, including in the case of introduction of new technology;
(d) they are technologically resilient to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations.
2. Where financial entities use internationally recognized technical standards and industry leading practices on information security and ICT internal controls, they shall use those standards and practices in line with any relevant supervisory recommendation on their incorporation.