DORA · Regulation (EU) 2022/2554

Watch your providers on the dark web.

See which DORA requirements OwlyScan covers — with proof you can show.

EU hosted · Audit-ready reports · Free company check

OwlyScan

What is OwlyScan?

OwlyScan is a deep and dark web monitoring platform. It indexes documents in every format and language, watches your company and your suppliers, and turns hits into alerts and audit-ready reports.

  • Continuous watch on you, your suppliers, and their subcontractors
  • Credentials, contracts, source code, databases, mentions, and more
  • Alerts and reports you can show to auditors, customers, and IR teams

How OwlyScan maps to the requirements

  1. 01

    Name the ICT chain you depend on

    Your entity, critical ICT service providers, and trusted third parties enter the watch list — not only hyperscalers.

  2. 02

    Run continuous cyber due diligence

    OwlyScan indexes underground sources and surfaces credentials, contracts, and documents that expose you or your providers.

  3. 03

    Keep proof for resilience and audit

    Alerts and audit-ready reports show that third-party exposure watch is operating over time.

OwlyScan supports selected measures with external monitoring and evidence. It is not a certification, and it does not replace your full compliance programme.

Which requirements OwlyScan covers

Where OwlyScan covers the requirement

Ref Domain What the framework asks Coverage How OwlyScan helps
Art. 28 ICT third-party risk Manage ICT third-party risk: identify, assess, and monitor risks stemming from ICT service providers, including concentration and critical providers. Covered Continuous deep and dark web monitoring of named ICT providers and key vendors, with alerts and reports for third-party risk files.
Arts. 28–30 Provider monitoring · cyber due diligence Ongoing monitoring and due diligence of ICT third-party arrangements beyond contract signature. Covered Watch what circulates about providers (credentials, contracts, dumps, mentions); evidence that cyber due diligence watch is operational over time.
Art. 28 Covered
ICT third-party risk

Manage ICT third-party risk: identify, assess, and monitor risks stemming from ICT service providers, including concentration and critical providers.

Continuous deep and dark web monitoring of named ICT providers and key vendors, with alerts and reports for third-party risk files.

Arts. 28–30 Covered
Provider monitoring · cyber due diligence

Ongoing monitoring and due diligence of ICT third-party arrangements beyond contract signature.

Watch what circulates about providers (credentials, contracts, dumps, mentions); evidence that cyber due diligence watch is operational over time.

Where OwlyScan supports the requirement

Ref Domain What the framework asks Coverage How OwlyScan helps
Arts. 9–10 Detection & response Detect anomalous activities and respond to ICT-related incidents. Partial Early external signal when credentials or documents appear underground. Not internal anomaly detection or containment tooling.
Art. 17 ICT-related incident management Detect, manage, and notify ICT-related incidents through defined processes. Partial Alerts and Investigation mode for underground scoping; process ownership stays with the entity.
Art. 19 Major ICT-related incident reporting Report major ICT-related incidents to competent authorities within mandated timelines. Partial Timestamped artefacts for timeline and narrative. Does not file reports.
Arts. 5–6 ICT risk management framework Identify ICT risks, protect systems and data, and maintain an ICT risk management framework. Partial Objective exposure evidence for the entity and providers as input to risk analysis — beyond self-attestation.
Art. 13 Learning & evolving Learn from ICT-related incidents and cyber threats and improve measures accordingly. Partial Investigation outputs feed post-incident lessons. Not a full learning-management system.
Art. 45 Information sharing Voluntary arrangements to share cyber threat information and intelligence among trusted communities. Partial Entity-scoped underground intelligence that can feed sharing. Does not operate ISACs or legal sharing vehicles.
Arts. 9–10 Partial
Detection & response

Detect anomalous activities and respond to ICT-related incidents.

Early external signal when credentials or documents appear underground. Not internal anomaly detection or containment tooling.

Art. 17 Partial
ICT-related incident management

Detect, manage, and notify ICT-related incidents through defined processes.

Alerts and Investigation mode for underground scoping; process ownership stays with the entity.

Art. 19 Partial
Major ICT-related incident reporting

Report major ICT-related incidents to competent authorities within mandated timelines.

Timestamped artefacts for timeline and narrative. Does not file reports.

Arts. 5–6 Partial
ICT risk management framework

Identify ICT risks, protect systems and data, and maintain an ICT risk management framework.

Objective exposure evidence for the entity and providers as input to risk analysis — beyond self-attestation.

Art. 13 Partial
Learning & evolving

Learn from ICT-related incidents and cyber threats and improve measures accordingly.

Investigation outputs feed post-incident lessons. Not a full learning-management system.

Art. 45 Partial
Information sharing

Voluntary arrangements to share cyber threat information and intelligence among trusted communities.

Entity-scoped underground intelligence that can feed sharing. Does not operate ISACs or legal sharing vehicles.

Before, during, and after an ICT-related incident

DORA incident handling and third-party oversight both need external signals. Underground publication is often an early one.

Before

Continuous watch on you and critical ICT third parties supports Art. 28 monitoring before a major ICT-related incident is declared.

During

Alerts when provider or entity material appears underground feed detection and analysis under Arts. 9–10 and 17.

After

Investigation mode scopes what was published, about whom, and since when — for Art. 19 narrative support and Art. 13 learning.

OwlyScan does not isolate systems, run TLPT, restore core banking services, or file reports with competent authorities.

Proof you can show

Outputs designed for operational resilience leads, compliance, procurement, and ICT risk.

  • Alerts on first relevant mention of you or a named provider
  • Audit-ready monitoring reports for third-party risk files
  • Provider exposure views for cyber due diligence
  • Sourced findings for incident analysis and remediation

Who uses this mapping

  • CISOs and operational resilience leads
  • Compliance and DORA programme owners
  • Procurement and cyber due diligence on providers
  • MSSPs and advisors to financial entities
  • CSIRT and remediation teams

EU hosted · Audit-ready reports · Free company check