With the Digital Operational Resilience Act (DORA), the European Union is creating a framework for digital operational resilience in the financial sector. DORA standardizes and broadens existing requirements and defines cybersecurity, ICT risk and digital operational resilience requirements, including the management of third-party ICT providers. DORA requires compliance by January 17, 2025. As experts in regulatory compliance, we can help you with your implementation.
Today, digital technologies are fundamental components of the business processes of financial firms. Many of these financial firms rely on third-party ICT service providers. The growing reliance on digital technologies is not only associated with an increasing number of cyber-attacks, but also with IT problems such as system failures or disruptions. This poses a significant risk to the digitalized financial world. The ECB, EBA and AFS are already warning of the high IT risks.
The Digital Operational Resilience Act (DORA) consolidates existing regulations (BAIT, VAIT, ZAIT, etc.) and regulates the supervision of ICT service providers and cyber risks in the financial sector. Its implementation is a major challenge for financial institutions. The regulation contains many highly complex requirements, making it difficult for financial institutions to implement all of them correctly. Failure to implement by the 17/01/2025 deadline can also result in significant penalties.
In addition, the requirements are not expected to be finalized until June 2024. From that date, financial firms will have an implementation period of approximately six months. The control and monitoring tasks for third-party ICT providers must also be implemented within this tight timeframe. These providers will also need to comply with the requirements of the DORA regulation.
DORA is an EU-wide framework to manage cybersecurity and ICT risks in the financial sector.
Quote Preparation
During the initial meeting, we will identify your requirements in relation to the DORA regulation and create a project scope overview. Using this information, we will prepare a customized offer for an initial readiness check.
Readiness Check
We conduct stakeholder interviews following standardized procedures and present an overview of any deviations from the DORA regulations that apply to your organization. Based on this, we will provide you with a catalog of measures tailored to your specific needs, including prioritization. These measures will cover internal guidelines, ICT service providers, and IT systems. The defined measures will also help improve cooperation with your ICT service providers. Finally, we will present you with specific recommendations for implementation.
Support during Implementation
Based on the analysis results, we collaborate with you to implement the requirements in your company. We can support you in conducting the risk analysis or take full responsibility for it. Additionally, we can act as the DORA officer on an interim basis, providing you with the best possible assistance in meeting the requirements on schedule.
Planning and Management
We will schedule a kick-off meeting with you to identify the relevant stakeholders in your company. Based on this information, we will then coordinate the team composition, as well as the resource and time planning for both sides.
Analysis of Organizational Structure and Documentation
We identify the processes and standards that apply to your corporate context and review your internal guidelines and organizational structure. We take note of all relevant or critical ICT service providers, IT systems, and ICT infrastructure, and check the associated contracts for conformity.
Efficient Project Structure
Experienced Team + Extensive Know-How
Profound Knowledge of the Financial Industry
Let's schedule a noncommittal initial meeting to get to know you and your company better and determine your current status regarding DORA implementation. Together, we will agree on the necessary steps for your DORA implementation.
DORA Readiness Check: After gathering the necessary insights, we will prepare a customized offer for a DORA Readiness Check. Following the analysis of the situation, we will offer active assistance during implementation and support you throughout the entire project. You can decide whether you require our help for specific tasks or complete project management of your DORA project.
Katharina Siemund
Product Line Manager
Governance, Risk & Compliance / IT-Security