DORA readiness
Operational resilience and ICT incident reporting with Nexus
DORA readiness
The Digital Operational Resilience Act (DORA) requires financial entities to manage ICT risk, report major incidents, and monitor third-party providers. Nexus maps to DORA operational controls through its audit spine, incident classification, and kill-switch infrastructure.
Control mapping
| DORA theme | Nexus capability |
|---|---|
| ICT risk management | AgentIAM identity, MCP Gateway least-privilege, connector certification |
| Incident detection | Real-time policy blocks, shadow metrics anomalies, containment zones |
| Incident reporting | Classification API, audit export with correlation IDs |
| Third-party risk | Connector registry, vendor sandbox isolation, TPSP monitoring hooks |
| Operational resilience | Kill Switch v2, fail-closed defaults, configurable data residency |
Classify an ICT incident
curl -X POST "https://api.hardalion.com/api/v1/public/compliance/dora/classify-incident" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"incident_type": "agent_policy_breach",
"severity": "major",
"affected_systems": ["agt_prod_f8a92b"],
"description": "Repeated BLOCK on high-value transfer tool"
}'Returns classification metadata and suggested regulator notification timeline based on severity.
Incident evidence export
After classification, export the audit trail for the incident window:
curl "https://nexus.hardalion.com/api/v1/audit/export?format=json&correlation_id=inc_20260405_001" \
-H "Authorization: Bearer $TENANT_API_KEY" \
-o incident-evidence.jsonHash chain verification: POST /api/v1/audit/verify.
Kill switch (emergency containment)
DORA-aligned containment for compromised agent credentials:
curl -X POST "https://api.hardalion.com/api/v2/infrastructure/kill-switch/global" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"reason": "ict_incident_containment",
"scope": "tenant"
}'All activations are audited with operator identity and correlation ID.
Third-party agent containment
Vendor-native agents (Microsoft Copilot, Salesforce Agentforce, etc.) can be isolated in containment zones so cross-vendor relay traffic never reaches production backends without explicit policy allow.
Inspect containment status:
curl "https://api.hardalion.com/api/v1/infrastructure/containment" \
-H "Authorization: Bearer $API_KEY"Operational dashboards
The Nexus console surfaces:
- Policy block rate and shadow counterfactual trends
- Connector health and certification status
- Open compliance exceptions and SLA timers
- Infrastructure passport (deployment posture summary)
Shadow mode for resilience testing
Before major policy changes, run shadow mode to measure blast radius without disrupting operations. Shadow metrics feed operational resilience evidence packs.