DORA
helping you safely navigate the new Digital Operational Resilience Act
The EU has now formally adopted its latest operational resilience legislation, the
Digital Operational Resilience Act, more commonly known as DORA, with a deadline
of 17th January 2025 for those organisations affected.
With new technology and digital transformation, comes a new set of associated risks that need to be addressed and DORA takes the existing legislative requirements a step further.
DORA’s aim is to establish a set of uniform requirements for the operational
resilience of financial entities, and their critical 3rd party suppliers, in the EU. 3rd party suppliers could include areas such as IT & technology and data management.
Not only does the new legislation increase the operational requirements, it also
broadens the range of organisations in scope of the new legislation. DORA will impact any
financial institution that needs access to or operates within the EU market, as well as any critical supplier to those financial institutions. Additionally, the ESA (European Supervisory Authorities), the organisations that supervise EU financial markets, can now designate who these critical 3rd party suppliers are, using various criteria including the impact of a large, system-wide operational failure or sustainability.
But what do you need to do to remain compliant with the new legislation? There are
5 key areas:
ICT Risk Management
DORA provides guidelines for advanced risk management frameworks across the FS sector. With ever increasing digital evolution and an increase in cyber-attacks, DORA sets out the requirement for increased safeguards across the FS and supplier ecosystem.
Incident Reporting
DORA requires faster reporting of incidents and seeks rapid investigation and response to mitigate the impact of any breach.
Supply Chain Risk Management
FS organisations will impose requirements on your critical supply chain and also require operational strategies to be in place to manage any potential offboarding and onboarding of existing and new suppliers.
Resilience Testing
DORA details that risk assessments should provide the guide to design and execute resilience testing across the organisation, helping to get ahead of any issues before they potentially pose a threat.
This will also include developing transition plans for critical suppliers because of risk of failure or concentration risk.
Information sharing
DORA hopes that, by encouraging the sharing of threat information about threat actors and other cyber threats, the industry as a whole will become more agile and resilient to the ever-increasing threat of cyber-attack.
- Incident preparedness – do you understand the risks to your organisation? What risk assessments have you done and how have they guided your risk management strategy?
- Incident response management – what do you do when you’ve had a breach? Who does what? When? And why?
- Incident response recovery – how do you understand why it happened? What do you do to protect against this in the future?
Get In Touch
If you have a matter that you would like to discuss, please do not hesitate to contact our team on 0161 000 000, or alternatively you can fill out our online enquiry form below.