Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information systems security for financial entities.

The requirements cover several key areas, including: ICT risk management, ICT-related incident reporting, resilience testing, information and intelligence sharing and third-party ICT risk.

The Regulation covers most financial services entities, including third parties. While there are some organisations to which the Regulation does not apply, in time most organisations will aspire to comply with the guidelines.

ICT has gained a pivotal role in the provision of financial services, to the point where it has now become critical in the operation of daily functions of financial entities. In introducing this Act, the European Union is attempting to both upgrade the ICT requirements and consolidate them into one Union-wide Act. This will help reduce regulatory complexity, foster supervisory convergence and increases legal certainty. It will also reduce compliance costs, especially for financial entities operating across borders.

The regulation will become applicable in Jan 2025, so organisations must now begin to plan and implement the changes that will be required.

Begin with a DORA strategy that is in line with organisational goals.:

  • Explain how the framework supports the entity’s strategy and objectives.
  • Establish risk appetite /risk tolerance for ICT risks
  • Set out information security objectives and Key Performance Indicators (KPIs)
  • Establish Key Risk metrics / Key Risk Indicators (KRIs)
  • Articulate what, if any, changes are required in the existing ICT architecture/infrastructure
  • Be able to outline what’s in place to protect assets, detect incidents and mitigate their impact
  • Be able to demonstrate the effectiveness of controls based on incidents reported
  • Implement resilience testing, including; pen tests, open source analyses, source code reviews, scenario-based exercises and compatibility testing.
  • Communications strategy in the event of an incident.

There is much to be done and just 18 months left to do it. Organisations need to make a start now to ensure they are fully compliant by Jan 2025.

You can contact us directly to avail of a free tailored demo to see how CalQRisk can streamline risk management processes with these regulations.

 

 

Recent News

CalQRisk Shortlisted as Best Technology Partner in Housing Digital Innovation Awards

CalQRisk has been named a finalist in the Housing Digital Digital Innovation awards. CalQRisk is nominated as best ...
Read More

CalQRisk Achieves G-Cloud 14 Approved Supplier Status

Delighted to confirm that following on from our GCloud 13 supplier status, that CalQRisk has been listed as ...
Read More

CalQRisk named as Finalist for Cyber Security Provider of the Year at the Cyber Insurance Awards Europe

CalQRisk are thrilled to be finalists for the Cyber Security Solution Provider of the Year at the Cyber ...
Read More

Volunteer Succession Planning – ‘Tomorrow’ has arrived.

Strong succession planning is critical for the viability of all businesses but can be particularly challenging for volunteer-led ...
Read More

What is CSRD?

The Corporate Sustainability Reporting Directive (CSRD) is a framework for non-financial reporting which is mandatory for large companies ...
Read More

CalQRisk Triumphs at the 2024 FS Awards, Winning Compliance and RegTech Award

At a distinguished ceremony held at the iconic Mansion House, CalQRisk emerged as the proud recipient of the ...
Read More

NoFrixion Selects CalQRisk for its DORA Compliance Efforts

NoFrixion, the Embedded Banking company based in Dublin, Ireland, has announced its partnership with CalQRisk to ensure compliance ...
Read More

CalQRisk is a finalist in the FS Awards

CalQRisk has been named as a finalist in the competitive and prestigious FS Awards for the Compliance and ...
Read More

CalQRisk Customer Support Manager wins Rising Star at Irish Early Career Awards 2024

Congratulations to our Customer Support Manager, Eimear Farrell, who was named as a Rising Star in the Fintech ...
Read More

CalQRisk wins Pitch Competition at ESCO Cyber Solution Days Event, Kilkenny, September 2024

The Cyber Ireland (CI) CISO Forum and ESCO Cyber Solution Days event took place in the Lyrath Hotel, ...
Read More