The European Commission proposed the Digital Operational Resilience Act (DORA) in September 2020 to harmonise the security of network and information systems in the financial sector. The Regulation (EU 2022/2554) lays down a single set of digital operational resilience requirements and covers a wide range of financial entities, including credit institutions, insurance undertakings and credit rating agencies, as well as the ICT third-party service providers that serve them. It entered into force on 16 January 2023 and applies in all member states from 17 January 2025.
The requirements under DORA are grouped into five pillars, summarised as follows:
1 – ICT Risk Management:
This pillar requires organisations to establish a sound internal governance and control framework, with the management body accountable for it, by mandating the comprehensive identification, assessment, mitigation and ongoing monitoring of ICT risks across the systems that support the business.
2 – ICT Incident Management:
Rapid and effective handling of cyber incidents and operational disruptions underpins this pillar. Organisations must have a consistent process to detect, classify and manage ICT-related incidents, and must report major incidents to their competent authority within the prescribed deadlines.
3 – Third-Party Risk Management:
Third-party service providers play a critical role in today’s interconnected financial ecosystem. This pillar emphasises the importance of carefully managing the risks arising from these external relationships. It requires organisations to maintain a register of their ICT third-party arrangements, to conduct thorough due diligence before contracting, and to put in place sound contracts that cover matters such as service levels, audit and access rights and exit strategies.
4 – Information Sharing and a Holistic Approach:
DORA encourages financial entities to exchange cyber threat information and intelligence with one another in trusted communities, and to align their resilience framework with recognised standards rather than treat it in isolation. Information sharing and collaboration of this kind strengthen organisations’ digital resilience and open the door to continuous improvement.
5 – Digital Operational Resilience Testing:
Organisations must test their digital resilience regularly through drills, cyber exercises and simulations, up to and including threat-led penetration testing (TLPT) for the entities their competent authority designates for it. The purpose is to reveal weak points and to create action plans that address them.
DORA is a significant development for the financial and IT sectors and pushes organisations to strengthen their operational resilience in the digital space. As CFECERT, we offer Certification and Training to organisations wishing to navigate the complexities of DORA. You can reach us at info@cfecert.co.uk.