DORA – What you need to know

The purpose of the EU’s new Digital Operational Resilience Act (DORA) is to ensure the safety and security of the financial sector’s digital infrastructure. DORA outlines a framework of rules and requirements for financial institutions, market infrastructure providers, and digital service providers. Here are the top things organisations need to know about DORA. 

  1. Scope and Coverage – DORA aims to strengthen the digital operational resilience of the entire financial sector. This includes payment service providers, digital asset service providers, and market infrastructure providers, among others. 
  2. Cybersecurity and IT Risk Management –  Organisations need to have robust cybersecurity and IT risk management frameworks that ensure the safety and security of their digital systems and services. DORA emphasises the need for risk-based cybersecurity practices and threat intelligence sharing. 
  3. Incident Reporting – DORA mandates that organisations report significant incidents to relevant authorities. DORA aims to create a unified reporting system that enhances coordination and information sharing between financial institutions, market infrastructure providers, and digital service providers. 
  4. Outsourcing and Third-party Risk Management – DORA emphasises the need for organisations to assess, manage, and monitor the risks associated with outsourcing digital services to third-party providers. It recommends that organisations conduct due diligence assessments before outsourcing services. 
  5. Business Continuity Management – The proposal requires organisations to have effective business continuity management plans in place to ensure that they can withstand and recover from significant operational disruptions. 
  6. Testing and Scenario Planning – DORA emphasises the importance of regular testing and scenario planning to assess an organisation’s resilience to various operational risks, including cyber threats, technology failures, and natural disasters. 
  7. Supervision and Oversight – National supervisory authorities will have a supervisory role in ensuring that organisations comply with the new rules and requirements.  
  8. Incident Response and Remediation – Organisations should have effective incident response plans in place to detect, respond to, and remediate significant incidents. DORA emphasises the importance of cooperation and coordination between organisations and relevant authorities in incident response and remediation efforts. 

In conclusion, the Digital Operational Resilience Act is a comprehensive framework of rules and requirements aimed at ensuring that the digital infrastructure of the financial sector is safe and secure. Applicable from 17th January 2025, organisations will need to assess their digital operational resilience against the requirements and take appropriate measures to comply with the new rules.  

If you would like to know more about how to streamline your risk and compliance needs, contact us or request a free tailored demo today.


Recent News

CalQRisk Wins Best RegTech Solution at National Fintech Awards

CalQRisk, a leading provider of Governance, Risk & Compliance solutions has won the ‘Best Regtech Solution Award’ at ...
Read More

CalQRisk shortlisted in National Fintech Awards

The CalQRisk solution is shortlisted for ‘Best Regtech Solution Award’ at the inaugural National Fintech Awards. The National ...
Read More

CalQRisk shortlisted in 2023 CIR Risk Awards

Having won ‘Risk Management Product of the Year’ at the 2022 CIR Risk Management Awards, CalQRisk is now ...
Read More

From Risk Capacity to Risk Appetite

Risk Capacity is the maximum amount of risk that an organisation is technically able to assume before breaching ...
Read More

SMT automates their approach to Risk Management with CalQRisk

SuMi TRUST Global Asset Services (“SMT”), a subsidiary of Sumitomo Mitsui Trust Bank Limited, one of the largest ...
Read More

Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information ...
Read More

8 Things to Consider in a Data Breach Response

A data breach can lead to reputational damage, financial losses and much more. By effectively preventing and investigating ...
Read More

The Golden Thread – Governance, Risk & Compliance

A joined-up approach to governance, risk and compliance (GRC) is something all GRC practitioners aspire to – but, ...
Read More

Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may ...
Read More

Over 100 Credit Unions Now Using CalQRisk

CalQRisk now has over 100 credit unions actively using their Governance, Risk Management and Compliance solution across the ...
Read More