This table shows the 21 compliance areas where SOC 2 and DORA controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | SOC 2 | DORA |
|---|---|---|
| Encryption | CC6.1, CC6.7 | ict-10 |
| Access Control | CC6.1 | ict-11 |
| Identity Management | CC6.2 | ict-11 |
| Authentication & MFA | CC6.1, CC6.3 | ict-11 |
| Network Security | CC6.6 | ict-09 |
| Vulnerability Management | CC7.1 | ict-12 |
| Logging & Monitoring | CC7.1, CC7.2 | ict-14 |
| Incident Management | CC7.3, CC7.4 | inc-01 |
| Incident Classification | CC7.3 | inc-03, inc-04 |
| Incident Reporting | CC7.5 | inc-05, inc-06 |
| Incident Response Team | CC7.4 | inc-09 |
| Business Continuity | A1.1, A1.2 | ict-15 |
| Backup & Restoration | A1.2 | ict-16 |
| Third-Party Risk Management | CC9.2 | tpr-01 |
| Supplier Due Diligence | CC9.2 | tpr-03 |
| Risk Assessment | CC3.2 | ict-07 |
| Information Security Policy | CC1.1 | ict-08 |
| Security Awareness & Training | CC1.4 | ict-18 |
| Change Management | CC8.1 | ict-13 |
| Security Testing | CC4.1 | res-01 |
| Configuration Management | CC6.1 | ict-04 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.