
DORA Compliance

The Digital Operational Resilience Act (DORA) is one of the newest mandates governing how EU financial services organizations manage IT and cyber risk. Its goal is to strengthen the resilience of entities operating in the EU financial sector by streamlining and upgrading existing rules and introducing new requirements that address cybersecurity gaps. Notably, it requires companies to enhance risk management, incident reporting processes, resilience testing, and oversight of critical third-party partners.

How Do DORA and GDPR Compare?

No doubt your organization already has documented security policies in place for GDPR, but these will need to be supplemented and updated for DORA. DORA requires a risk assessment for each major change in the network and information system infrastructure, or in the processes or procedures, that affects the organization's functions, supporting processes, or information assets. In certain cases this will align with Data Protection Impact Assessments (DPIAs) under GDPR, and the DORA assessment can serve as the initial risk assessment used to determine whether the change requires a DPIA to be conducted.

Alternatively, you can download our Guide for DORA Compliance.

IBM i Complying with DORA

It’s important to remember that DORA is not a Directive; it’s a Regulation. This means all EU Member States must prove compliance by Jan. 17, 2025, a deadline the European Council has the power to enforce. DORA extends the Network and Information Security (NIS2) Directive, which specifies the cybersecurity measures required for the protection of critical infrastructure. Its requirements fall into the following areas:
  • Information Communication Technologies (ICT)
    • Focus on internal governance and control processes for effective ICT risk management.
    • Ensure management team keeps abreast of risk levels.
    • Implement an internationally recognized information security management system.
  • Classification and Reporting of ICT-related Incidents
    • Detect, manage, and alert appropriate personnel of ICT-related incidents.
    • Classify incidents according to factors such as geographic scope and duration.
  • Digital Operational Resilience Testing
    • Evaluate readiness for managing cybersecurity incidents; spot flaws, shortcomings, and gaps in digital operational resilience; and swiftly put corrective measures in place.
    • Test critical ICT systems and applications annually.
  • Information and Intelligence Sharing Between Financial Entities
    • This includes any indication of:
      • Compromise
      • Tactics, techniques, and procedures (TTPs)
      • Cybersecurity alerts
  • Vendor Management
    • Adopt and review an ICT third-party risk strategy.
    • Maintain a Register of Information outlining all contractual arrangements with ICT third-party service providers.

iSecurity Suite for DORA
