Hi everyone,
I’m a VP of Data & Analytics at a regulated bank. We are currently scrambling to prepare our DORA Article 28 Register of Information (RoI) for the upcoming 2026 reporting cycle.
I noticed existing Jira apps are either heavy GRC suites (expensive/complex) or generic asset managers. I just need a clean way to tag our ICT vendors on tickets and export the mandatory ESMA report.
I decided to build a simple "DORA Register" plugin for my own team to solve this, and I'm thinking of releasing it.
The concept:
- Vendor Panel: A dedicated dashboard to list vendors + LEI Codes (mandatory).
- Risk Link: A custom field on Jira Issues to link a vendor and mark "Critical Function: Yes/No."
- The "Auditor" Export: A button that generates the exact XML/CSV structure the regulator demands.
My Question: For those dealing with DORA, is linking vendors to specific Jira Issues enough for your audit trails? Or do you strictly need to link them to Service Desk Assets/Objects?
If you want to beta test the CSV export script next week, let me know.
Thanks!
