DORA readiness

Operational resilience and ICT incident reporting with Nexus

DORA readiness

The Digital Operational Resilience Act (DORA) requires financial entities to manage ICT risk, report major incidents, and monitor third-party providers. Nexus maps to DORA operational controls through its audit spine, incident classification, and kill-switch infrastructure.

Control mapping

DORA themeNexus capability
ICT risk managementAgentIAM identity, MCP Gateway least-privilege, connector certification
Incident detectionReal-time policy blocks, shadow metrics anomalies, containment zones
Incident reportingClassification API, audit export with correlation IDs
Third-party riskConnector registry, vendor sandbox isolation, TPSP monitoring hooks
Operational resilienceKill Switch v2, fail-closed defaults, configurable data residency

Classify an ICT incident

curl -X POST "https://api.hardalion.com/api/v1/public/compliance/dora/classify-incident" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "incident_type": "agent_policy_breach",
    "severity": "major",
    "affected_systems": ["agt_prod_f8a92b"],
    "description": "Repeated BLOCK on high-value transfer tool"
  }'

Returns classification metadata and suggested regulator notification timeline based on severity.

Incident evidence export

After classification, export the audit trail for the incident window:

curl "https://nexus.hardalion.com/api/v1/audit/export?format=json&correlation_id=inc_20260405_001" \
  -H "Authorization: Bearer $TENANT_API_KEY" \
  -o incident-evidence.json

Hash chain verification: POST /api/v1/audit/verify.

Kill switch (emergency containment)

DORA-aligned containment for compromised agent credentials:

curl -X POST "https://api.hardalion.com/api/v2/infrastructure/kill-switch/global" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "ict_incident_containment",
    "scope": "tenant"
  }'

All activations are audited with operator identity and correlation ID.

Third-party agent containment

Vendor-native agents (Microsoft Copilot, Salesforce Agentforce, etc.) can be isolated in containment zones so cross-vendor relay traffic never reaches production backends without explicit policy allow.

Inspect containment status:

curl "https://api.hardalion.com/api/v1/infrastructure/containment" \
  -H "Authorization: Bearer $API_KEY"

Operational dashboards

The Nexus console surfaces:

  • Policy block rate and shadow counterfactual trends
  • Connector health and certification status
  • Open compliance exceptions and SLA timers
  • Infrastructure passport (deployment posture summary)

Shadow mode for resilience testing

Before major policy changes, run shadow mode to measure blast radius without disrupting operations. Shadow metrics feed operational resilience evidence packs.