With DORA (Digital Operational Resilience Act), the European Union is creating a framework for digital operational resilience in the financial sector. DORA standardises and expands existing requirements and sets out requirements for cyber security, ICT risks and digital operational resilience, including the management of third-party ICT providers. DORA requires compliance by 17 January 2025. As experts in the implementation of regulatory requirements, we support you in implementing it. Get started now.
Today, digital technologies are fundamental components of the business processes of financial companies. Many of these financial companies are dependent on third-party providers of ICT services. The growing dependence on digital technologies is not only accompanied by an increasing number of cyberattacks, but also brings with it IT problems such as system failures or disruptions. This poses a significant risk for the digitalised financial world. The ECB, EBA and AFS are already warning of the high IT risks.
The Digital Operational Resilience Act (DORA Regulation) harmonises existing regulations (BAIT, VAIT, ZAIT, etc.) and manages the monitoring of ICT service providers and cyber risks in the financial sector. Its implementation poses major challenges for financial institutions. The regulation contains a large number of highly complex requirements, making it difficult for financial organisations to actually implement all requirements correctly. Failure to implement them on time by 17 January 2025 could also result in significant penalties.
What's more, the requirements are not expected to be finalised until June 2024. From this date, financial companies will have an implementation period of around six months. The control and monitoring tasks for third-party ICT providers must also be implemented within this tight timeframe. These must also fulfil the requirements of the DORA Regulation.
Quotation preparation
In an initial introductory meeting, we roughly identify your requirements against the background of the DORA regulation and create an overview of the project scope. Based on this, we create a customised offer for an initial readiness check.
Readiness Check
We conduct standardised stakeholder interviews and present the status quo with regard to deviations from the DORA regulations that apply to you. Based on this, you will receive a catalogue of measures tailored to your needs, including prioritisation. This includes measures relating to internal guidelines, ICT service providers and IT systems. The defined measures will also help you to improve collaboration with your ICT service providers. In a final presentation, we will provide you with specific recommendations for implementation.
Support with the implementation
Based on the results of the analysis, we work with you to implement the requirements in your company, support you in carrying out the risk analysis or take it over completely for you. We can also take on the role of DORA officer on an interim basis, providing you with the best possible support in implementing the requirements on time.
Planning and control
We hold a kick-off meeting with you to identify the relevant stakeholders in your organisation. On this basis, we coordinate the team composition on both sides as well as the resource and time planning.
Analysis of organisational structure
We identify the processes and standards that apply to you in your corporate context and review your internal guidelines and organisational structure. We record all relevant or critical ICT service providers and IT systems as well as the ICT infrastructure and check the associated contracts for conformity.
Efficient project structures
Well-established team + extensive expertise
Sound knowledge of the financial sector
Let us arrange an appointment for a non-binding initial meeting. We would like to get to know you and your company better and find out where you currently stand in terms of DORA implementation. Together we will agree on the necessary steps for your DORA implementation.
DORA Readiness check: Based on the findings, we prepare a customised offer for a DORA readiness check. Following this analysis, we will actively support you in the implementation and accompany you throughout the entire course of the project. You can choose whether you would like to utilise our support for specific tasks only or for the complete project management of your DORA project.
Katharina Siemund
Product Line Manager
Governance, Risk & Compliance / IT Security