Obligations under the DORA (Digital Operational Resilience Act) Regulation

The DORA Regulation, once in force (15/1/2025), will require all affected entities to adopt specific technical and organisational measures to ensure their digital operational resilience.

The financial institutions involved will have to prioritise the implementation of an ICT risk management process, aimed at identifying cyber threats early and minimising the impact of cyber incidents. The main responsibility for this process will lie with the company’s management body, which will have to assume ‘full and ultimate responsibility’ for:

  • ICT risk management;
  • The definition and approval of the digital operational resilience strategy;
  • The review and approval of the company’s policy regarding third-party ICT service providers.

Risk Assessment Approach

In detail, the DORA Regulation establishes the adoption of a risk assessment approach that includes:

  • The definition of requirements to harmonise the ICT risk management process with a comprehensive view of business processes;
  • The creation of an ICT Risk Management Framework;
  • The development of a resilient strategy for Disaster Recovery and Business Continuity.

Financial institutions will also need to be able to classify cyber threats and incidents related to ICT vendors, based on criteria established by the DORA Regulation, such as:

  • The number and significance of customers or financial counterparties involved;
  • The duration of the incident;
  • The loss of data, assessing the availability, authenticity, integrity and confidentiality of the data.

Internal Procedures and Communication

Institutions should establish internal procedures to identify, record and categorise incidents, assigning roles and responsibilities and developing communication plans for stakeholders, including board members.

The classification and tracking of incidents support the implementation of a system for reporting to the competent authorities, as provided for in Article 46 of the DORA Regulation. This includes:

Compliance with Third Party ICT Service Providers

In the context of ICT risk management, the DORA Regulation also imposes obligations towards third-party suppliers, requiring:

  • The identification, classification and documentation of all processes that depend on third-party suppliers;
  • The inclusion of contractual clauses to ensure adequate monitoring of supplier activities on services critical to financial operations.

Information Sharing and Resilience Testing

The DORA Regulation also promotes, through Article 45, a voluntary cyber threat intelligence sharing programme among financial actors, aimed at preventing new threats and improving the resilience of the financial ecosystem.

Finally, financial institutions will have to regularly test their operational resilience through periodic tests based on the Threat-Led Penetration Testing (TLPT) method, tailored to the size, type of business and risk profile of the institution.