amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize brain: projects/ top level, rename filenames, update homepage

Browse Source 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
2026-05-24 18:54:14 +00:00
parent 4b60244919
commit 0a8e77e949
119 changed files with 177 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
projects/passepartout/strategy/compliance/dora.org Normal file
View File

@@ -0,0 +1,30 @@
:PROPERTIES:
:ID: 717ef2df-2a80-4362-b23a-5e7e12554251
:ID: auto-dora
:CREATED: [2026-05-23 Sat]
:END:
#+title: DORA (Digital Operational Resilience Act)
#+filetags: :passepartout:compliance:framework:dora:
** DORA (Digital Operational Resilience Act)
EU regulation (effective January 2025) for the financial sector. Requires:
ICT risk management, incident reporting, digital operational resilience testing,
ICT third-party risk management (including contractual access and audit rights
for critical ICT providers), information sharing, threat-led penetration testing
(TLPT) for systemic institutions.
Who must comply: 22,000+ financial entities in the EU (banks, investment firms,
payment processors, crypto-asset providers, insurance companies). Also ICT
third-party providers deemed critical.
Penalties: Up to 2% of average daily turnover × number of days breached, or
10M EUR for legal entities. Personal liability for management.
Why it matters: DORA's third-party risk management requirement is a natural gate
stack use case — every ICT provider access must be gated, logged, and auditable.
TLPT (threat-led penetration testing) maps to the [[id:45258a2d-1675-562c-9024-5d1eb2f1ea56][evaluation harness]]. First-mover
advantage is extremely time-sensitive: DORA is already in effect (January 2025).
Financial institutions are scrambling for compliance tooling. A DORA gate package
at $50K/yr with zero incremental cost per additional user is an immediate sale.