Chapter II (Articles 5 –16) of DORA details the monitoring activities and other security procedures and policies financial institutions should establish and maintain to support a proper ICT risk management process. These policies should cover the entire lifecycle of data assets and ICT systems, from development and deployment to maintenance and decommissioning. Financial entities are expected to regularly review and update their risk management strategies to adapt to new and emerging threats.

Commvault solutions can help satisfy this requirement through discovery, classifications, and protecting sensitive data; build a standardized cyber recovery platform; receive early threat warnings; divert attacks using advanced deception technology; and employ anomaly detection to aid in incident response.