Verified STARTER LOCAL Advanced

DORA ICT Incident Reporting Register

A deterministic engine that captures an ICT incident, applies DORA's major-incident classification criteria, schedules the regulatory report deadlines, and records every state change in an append-only audit ledger that is sign-off-ready for the regulator.

Spring Boot service that captures, classifies, and reports major ICT incidents to the regulator with an immutable audit trail, aligned to the EU DORA reporting timelines. Runnable Spring Boot implementation with evidence pack.

v1.0.0 JVM 17 / Spring Boot 3.3 Score: 80/100
DORA ICT Incident Reporting Register
LinkedIn
Link copied.
Create free account
Unlock implementation details and enabled downloads.
Can this solution support an enterprise evaluation?
Review certification, delivery package, deployment model, evidence, and access requirements before reading the full implementation notes.
Certification VERIFIED
Score 80/100
Deployment LOCAL
License Enterprise
Evidence 4 item(s)
Code 1 file(s)
VERIFIED
LOCAL
15 min local run
80/100

Business Fit

Who should buy this package and what enterprise problem it is designed to solve.

A deterministic engine that captures an ICT incident, applies DORA's major-incident classification criteria, schedules the regulatory report deadlines, and records every state change in an append-only audit ledger that is sign-off-ready for the regulator.
Spring Boot service that captures, classifies, and reports major ICT incidents to the regulator with an immutable audit trail, aligned to the EU DORA reporting timelines. Runnable Spring Boot implementation with evidence pack.
Enterprise teams evaluating runnable AI engineering assets.
Capturing and classifying major ICT incidents under DORAcomputing regulatory report deadlinesand producing an immutable audit trail for supervisory reporting by EU financial entities.

Enterprise Readiness

Deployment model, integration points, governance, observability, and compliance tags.

LOCAL
JVM 17 / Spring Boot 3.3
RegTech
POST /api/v1/incidents; GET /api/v1/incidents/{id}
Structured JSON audit log emitted on every incident capture, classification decision, and report scheduling event, each correlated by incident_id and persisted to the immutable audit_event table.; Incident submission is idempotent on a client-supplied incident reference; transient downstream failures (e.g. report dispatch) use bounded exponential backoff and never duplicate audit events.
Spring Boot Actuator exposes /actuator/health and metrics for liveness and operational monitoring.
DORA, EU Regulation 2022/2554, ICT Risk, Incident Reporting
Tables: ict_incident, incident_classification, regulatory_report, audit_event

Delivery Package

Concrete artifacts included with the solution, separated from long-form implementation notes.

Included in this product
Full source code package
Docker Compose runnable stack
Verification evidence screenshots
Production implementation notes
Source code, Docker Compose, Flyway migrations, seed data, Evidence pack
Best for
Spring Boot teams building production AI features.
Verified evidence
Execution artifacts included with this product package.
4 item(s)
04-test-output.png
03-database-proof.png
02-api-response.png
01-startup-health.png

Implementation Notes

Detailed runnable instructions and technical documentation. Enterprise profile, delivery scope, and evidence are summarized above.

Create a free account to unlock the runnable package
Email verification unlocks full implementation notes, runnable source bundles when enabled, and product assets for adaptation.
Source package Full notes Evidence assets

DORA ICT Incident Reporting Register

A runnable Spring Boot service that captures, classifies, and reports major ICT incidents to the regulator with an immutable audit trail, aligned to the EU DORA reporting timelines.

Problem

Under EU DORA (Regulation 2022/2554), financial entities must detect, classify, and report major ICT-related incidents to their competent authority within strict windows (initial notification, intermediate, and final reports). Handling this manually with spreadsheets and email is slow, inconsistent in applying the major-incident classification criteria, and leaves no tamper-evident record — exposing the firm to missed deadlines, mis-classification, and supervisory findings.

Solution Overview

A deterministic engine that:

  1. Captures an ICT incident through a validated REST API.
  2. Classifies it server-side against DORA's major-incident criteria (clients affected, service downtime, data losses, economic impact).
  3. Schedules the regulatory report deadlines — initial (24h), intermediate (72h), and final (1 month) windows computed from detection time.
  4. Records every state change in an append-only audit ledger that is enforced immutable at both the application and database (trigger) level.

Everything runs locally with docker compose up — a Spring Boot 3.3 app on Java 17 backed by PostgreSQL 16 with Flyway migrations and seed data.

What you get

  • Complete Spring Boot 3.3 / Java 17 source (entities, repositories, service, REST API).
  • PostgreSQL 16 schema via Flyway migrations, plus seed data.
  • Multi-stage Dockerfile and docker-compose.yml — one command to run.
  • DORA classification engine and report-deadline scheduler.
  • Append-only audit ledger with a database-level immutability trigger.
  • Structured JSON audit logging, bounded exponential-backoff retry, Actuator health.
  • JUnit tests that pass with mvn verify.
  • An evidence pack script producing four verifiable artifacts.

Verification & Evidence

Run the evidence generator after starting the stack:

docker compose up -d --build
./evidence/run-evidence.sh

It produces four artifacts:

| Artifact | What it proves | |----------|----------------| | 01-startup-health | /actuator/health reports UP | | 02-api-response | POST /api/v1/incidents returns 200 with an incidentId | | 03-database-proof | audit_event ledger holds rows for the captured incident | | 04-test-output | mvn verify passes |

Changelog
Release notes

1.0.0

  • Initial release.
On this page
Share this product
Link copied.
Free account required
Create an account and verify your email to unlock the runnable package.
Free


  • Solution write-up and runnable implementation
  • Evidence images (when published)
  • Code bundle downloads (when enabled)
Evidence
4 item(s)
04-test-output.png
03-database-proof.png
02-api-response.png
01-startup-health.png
Code downloads
1 file(s)
code.zip
ZIP bundle
Locked
License
Enterprise
ExeSolution Commercial License (Pro tier). A single legal entity (the licensee financial entity) may deploy, operate, and modify this DORA ICT Incident Reporting Register for its own internal regulatory reporting and supervisory obligations under Regulation (EU) 2022/2554. Redistribution, resale, or sublicensing of the source or derivatives is prohibited. Provided as-is without warranty of regulatory adequacy; the licensee remains responsible for its own DORA compliance. Full terms at exesolution.com/terms.