The Digital Operational Resilience Act (DORA) is an EU regulation for banks and other companies providing financial services within the EU to ensure the resilience of IT systems and networks. Providers of critical software and services for this sector are also included within the scope.
DORA (Regulation (EU) 2022/2554) is set to become compulsory starting January 17, 2025, with the European Central Bank (ECB) taking the lead in driving this regulation forward across the EU.
NIS2 (Directive (EU) 2022/2555), which was adopted by the EU at the same time as DORA, shares a common objective. Both NIS2 and DORA contain cross-references and provisions intended to avoid overlapping regulatory requirements between the two.
DORA is designed with detailed requirements in the relevant areas and covers only Information and Communication Technology (ICT).
The requirements include the design of secure ICT systems, secure management, the handling and reporting of incidents, and proactive testing of resilience. This encompasses both the organization's own systems and those of third parties where outsourced services are used in the delivery of financial services, whether the provider is within the group or an external party.
The controls needed to comply with DORA should ideally be added to the existing Information Security Management System (ISMS) and monitored through the already established compliance framework to ensure regulatory compliance.
Cegal's consultants in information and cybersecurity have experience in establishing information security management systems for regulatory compliance.
Additionally, Cegal's cybersecurity experts can guide and navigate you through this complex technical area. We can help you stay ahead in securing your IT infrastructure with in-depth knowledge of on-premises solutions, cloud infrastructure and platforms, hybrid solutions, and multi-cloud infrastructure.