Digital Operational Resilience Act (DORA)

With the entry into force of the Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554, the European Union is introducing new, stricter requirements for digital resilience in the financial sector. From 17 January 2025, all financial undertakings will be required to meet the requirements of DORA. This particularly concerns the topics of IT risk management, information security, IT service continuity management, business continuity management, crisis management and the management of third-party providers.

What does DORA mean for your company?

  • Enhanced IT risk management requirements: Organisations must comprehensively identify, assess and manage IT risks to ensure the security and stability of their digital infrastructures.

  • Stricter monitoring of third-party providers: Financial companies must ensure that third-party providers that provide IT services also comply with the requirements of DORA and that risks are systematically managed.

  • Commitment to testing: Companies must carry out regular tests to ensure the resilience of their ICT systems. DORA extends these tests to include specific scenarios that cover natural disasters, widespread power outages, terrorist attacks and insider attacks, among other things. These tests are not limited to technical functions, but also include testing of other test objects and plans from different management disciplines.

  • Increased reporting requirements: Serious ICT incidents must be reported quickly and comprehensively to BaFin as the central reporting hub for ICT incidents at financial companies.

  • Strengthening crisis management and crisis communication: Organisations must not only develop plans, but also define clear communication strategies and corresponding policies for dealing with internal and external stakeholders in the event of IT incidents.

  • Regular training and awareness: Employees and managers must receive continuous training on IT risks and cyber threats in order to strengthen the company's protection.

Our services for your digital resilience:

  • ICT risk management: We help you to establish a comprehensive risk management system based on the DORA requirements. We support you in identifying, assessing and monitoring IT risks.

  • ICT third-party management: Our experts will support you in reviewing and adjusting your contracts and agreements with third-party providers to ensure that they meet the new regulatory requirements.

  • Crisis management and business continuity: Prepare for unexpected IT incidents. We work with you to develop customised emergency plans and ensure that your crisis management is strengthened so that you can react quickly to IT disruptions.

  • Regular IT audits: We carry out regular audits to ensure that your IT systems meet DORA requirements and that potential vulnerabilities are identified and addressed at an early stage.

Why choose us?

With our extensive expertise in the field of digital resilience, we are the ideal partner to prepare your company for the requirements of DORA. Our customised solutions ensure that your critical business processes remain stable even in times of crisis and that your IT risks are optimally managed.

Frequently asked questions (FAQs)

  • What is the Digital Operational Resilience Act (DORA)? DORA is an EU regulation that requires the financial sector to implement measures to ensure digital resilience and effectively manage IT risks.

  • Which companies are affected? All financial companies that come under the supervision of European regulators, such as banks, insurance companies, capital management companies and payment institutions.

  • What happens in the event of non-compliance? Companies that fail to meet DORA requirements can face severe penalties and fines.

  • How can you improve your IT resilience? By implementing a comprehensive IT risk management programme that is tailored to your organisation's specific needs. We can help you get there.
