Digital Operational Resilience Management release notes

  • Release version: Store
  • Updated June 11, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Digital Operational Resilience Management release notes

    The Digital Operational Resilience Management (DORM) application on the ServiceNow Store helps organizations manage and report on legal entities, branches, functions, third parties, third-party engagements, and contracts. It supports compliance with regulatory requirements by providing features such as data validation, export capabilities, and integration with regulatory standards like LEI (Legal Entity Identifier) validation.

    Show full answer Show less

    Key Features

    • LEI Validation and Contract Management: Integration with the GLEIF API enables automatic LEI validation for entities, branches, and third-party providers, ensuring data accuracy. Duplicate DORA contract detection is available during manual entry and uploads.
    • Data Integrity and Validation: Field-level validations align with regulator requirements, including unique checks on combinations like License Activity, LEI, and Function Name. Enhanced date and monetary precision validations improve data quality.
    • Export and Reporting Enhancements: Export packages now support CSV format with multi-level validation (Level 1, 2, and 3) to ensure regulatory compliance. Reporting templates are regularly updated to reflect the latest regulator changes.
    • Extended Data Model and Usability: Support for multiple legal entities per contract, multi-selection of business capabilities/services/processes, and new function types like Business Capability are included. Template downloads assist with data uploads, and dropdown options in Excel templates simplify data entry.
    • Additional Identification Codes: New fields and choices such as "EUID" enable more detailed identification of ICT third-party service providers and their ultimate parents, improving third-party governance.
    • Error Handling and Internationalization: Improved error messaging supports multiple languages, and issues with duplicate records, cascading updates, and dictionary problems have been fixed.

    What to Expect

    • Improved accuracy and compliance through automated validation against authoritative sources like GLEIF.
    • Easier data management with enhanced templates, drop-down options, and multi-entity support.
    • Stronger regulatory alignment with continuous updates to data models, field validations, and export formats.
    • Reliable reporting and export functionality with multi-level validation to reduce errors during submissions.
    • Enhanced user experience via internationalized error messages and prevention of duplicate or inconsistent records.

    ServiceNow customers leveraging Digital Operational Resilience Management can expect streamlined operational resilience reporting, better data governance for third parties and contracts, and alignment with evolving regulatory expectations.

    Version history for the Digital Operational Resilience Management application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 22.3.0 - June 2026 (Australia)
    • New: Added LEI validation against GLEIF API for legal entities, branches, and third-party providers- Introduced duplicate DORA contract detection during manual entry and upload- Added system properties for GLEIF API configuration (timeout, batch size, validation behavior)
    • Changed: Improved upload error messages with internationalization support- Enhanced LEI code handling to be case-insensitive- Updated monetary decimal precision configuration
    • Fixed: Resolved intra-group contractual arrangement deletion issues- Corrected supply chain cascading updates and deletions- Fixed date validation on specific information records- Addressed third-party engagement dictionary issues
    Version 22.0.1 - March 2026
    • New: Currency conversion for the contract value and Total expenses aggregation for third-party providers has been added.
    • Changed: The combination of License Activity, LEI of Entity, and Function Name must be unique per Regulator's doc and this check has been incorporated.
    • Fixed: Records with missing function numbers no longer cause Register of Information (ROI) download errors.
    Version 21.1.1 - December 2025 (Zurich)
    • New:
      • Digital Operation Resilience Management export package functionality has been updated to support the CSV format along with Level 1 and Level 2 validation requirements.
      • As part of export package, level 3 validations have been introduced to validate the generated package and provide the output of the validations along with the downloaded export package.
    • Changed: Any fields that need to be strict read-only have been updated appropriately in the dictionaries to prevent client side updates.
    • Fixed: Missing field level validations or failing validations have been addressed to confirm with regulator suggested field validations.
    Version 21.0.1 - August 2025
    • New: Field level validations have been added to meet regulator requirements.
    • Changed: This application data model has been updated to align with regulators data model.
    • Fixed: Translation issues have been addressed.
    Version 20.1.1 - May 2025

    New:

    • New:
      • Allow multiple legal entities using the service when creating DORA contract.
      • Include the choice/reference dropdown options in the downloaded MS Excel files.
      • Button to download templates on Upload request page.
    • Updated: Updated reporting template to reflect latest regulator changes.
    • Fixed:
      • Prevent duplicate record creation for Legal Entity, Branch and DORA contract records.
      • Translation issues have been handled.
      • Allow multi-selection on Business Capability/Business Service/Business Process/Service Offering in the Function record
    Version 20.0.10 - March 2025
    • New:
      • 'Business Capability' has been added as a Function type that can be selected from a drop-down list on a Function record. The Business Capability records being referenced are from the cmdb_ci_business_capability table.
      • The 'Business Capability' field is now available as a Function type option for a Function record on the Vendor Risk Management Workspace.
      • Added the following new fields for Third parties and Third-party engagements "Type of additional identification code to identify the ICT third-party service", "Additional identification code of ICT third-party service provider", "Legal name of the ICT third-party service provider". Added "EUID" as a choice for "Type of code to identify the ICT third-party service provider's ultimate parent" and "Type of additional identification code to identify the ICT third-party service" for third parties and third-party engagements. If supply chain records, assessment records, or contract records are associated with a third party or third-party engagement that uses "EUID" code type, all relevant code type fields are auto-filled.
    • Fixed:
      • Addressed the issue where the system was selecting incorrect choices when downloading a template and creating duplicate choices when uploading functions. Both the label and the category are used to find the correct choice to avoid duplicate choice options.
      • The column code numbers have been updated to align with the updated regulatory requirements. Additionally, the template has been updated to include new fields, such as 'Type of additional identification code to identify the ICT third-party service', 'Additional identification code of ICT third-party service provider', and 'Legal name of the ICT third-party service provider'. 'EUID' has been included as a choice for 'Type of code to identify the ICT third-party service provider's ultimate parent' and 'Type of additional identification code to identify the ICT third-party service'.
    Version 20.0.9 - February 2025
    • New: Added drop-down options to eight DORA excel templates
    • Fixed:
      • Functions identifier does not increment beyond F10
      • Functions form always throws error that "Date of the last assessment of criticality or importance cannot be a future date." when the date format in system properties is set to 'MMM-dd-yyyy', even though the date is in the past
      • When importing new Assessment from Excel, user does not enter "Is the ICT third party audited?" column, because the default value is "Yes", it complains that the "Date of the last audit on the ICT third-party service provider" is empty.
    Version 19.0.1 - November 2024
    Digital Operational Resilience Management is a common application used to store legal entities, branches, functions, third-parties, third-party engagements, and contracts for reporting.