The purpose of the EU’s new Digital Operational Resilience Act (DORA) is to ensure the safety and security of the financial sector’s digital infrastructure. DORA outlines a framework of rules and requirements for financial institutions, market infrastructure providers, and digital service providers. Here are the top things organisations need to know about DORA.

Scope and Coverage – DORA aims to strengthen the digital operational resilience of the entire financial sector. This includes payment service providers, digital asset service providers, and market infrastructure providers, among others.
Cybersecurity and IT Risk Management – Organisations need to have robust cybersecurity and IT risk management frameworks that ensure the safety and security of their digital systems and services. DORA emphasises the need for risk-based cybersecurity practices and threat intelligence sharing.
Incident Reporting – DORA mandates that organisations report significant incidents to relevant authorities. DORA aims to create a unified reporting system that enhances coordination and information sharing between financial institutions, market infrastructure providers, and digital service providers.
Outsourcing and Third-party Risk Management – DORA emphasises the need for organisations to assess, manage, and monitor the risks associated with outsourcing digital services to third-party providers. It recommends that organisations conduct due diligence assessments before outsourcing services.
Business Continuity Management – The proposal requires organisations to have effective business continuity management plans in place to ensure that they can withstand and recover from significant operational disruptions.
Testing and Scenario Planning – DORA emphasises the importance of regular testing and scenario planning to assess an organisation’s resilience to various operational risks, including cyber threats, technology failures, and natural disasters.
Supervision and Oversight – National supervisory authorities will have a supervisory role in ensuring that organisations comply with the new rules and requirements.
Incident Response and Remediation – Organisations should have effective incident response plans in place to detect, respond to, and remediate significant incidents. DORA emphasises the importance of cooperation and coordination between organisations and relevant authorities in incident response and remediation efforts.

In conclusion, the Digital Operational Resilience Act is a comprehensive framework of rules and requirements aimed at ensuring that the digital infrastructure of the financial sector is safe and secure. Applicable from 17th January 2025, organisations will need to assess their digital operational resilience against the requirements and take appropriate measures to comply with the new rules.

If you would like to know more about how to streamline your risk and compliance needs, contact us or request a free tailored demo today.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

DORA – What you need to know

Recent News

Paralympics Ireland choose CalQRisk to streamline their Governance, Risk & Compliance efforts

Changes to ISO 27001

DORA – What you need to know

ILCU and CalQRisk form Alliance

Top Cyber Risks in 2023

10 Things to Ask When Outsourcing / Choosing a Supplier

Top Risks for Charities in 2023

Featured Risk – Failure to appropriately address Climate Risk and broader ESG issues

CalQRisk wins CIR Risk Management Product of the Year

How to Prepare for Cyber Attacks

About Us

Solutions

Sectors

Resources

Sitemap

Our Solutions

Support & Legal

Contact Us

Want to find out more?