The Digital Operational Resilience Act (DORA) is an EU Regulation, Regulation (EU) 2022/2554, already passed into law, aimed at strengthening digital operational resilience across the EU financial sector.
What Is DORA?
The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force in January 2023 and applies from January 17, 2025. It aims to enhance the digital operational resilience of financial institutions by consolidating the existing patchwork of ICT risk management rules and supervisory recommendations into a single, unified framework. This consolidation simplifies compliance by giving financial entities, including banks, insurers, investment firms and their ICT service providers, one set of requirements to work to.
DORA emphasizes robust ICT risk management and regular resilience testing, requiring financial institutions to identify, assess and mitigate digital risks effectively. It also introduces clear accountability for the management body, which must approve, oversee and remain responsible for the implementation of these resilience measures. The overarching goal is to strengthen the financial sector's ability to withstand, respond to and recover from ICT disruptions.
What’s The Impact For Business
Challenges & Financial Impact
Mandatory reporting of major ICT-related incidents to the financial regulator, with an emphasis on containment, root cause analysis and lessons learned.
For ICT third-party providers designated as critical, noncompliance with supervisory measures can lead to periodic penalty payments of up to 1% of average daily worldwide turnover, applied daily for up to six months.
For financial entities, noncompliance can lead to administrative sanctions imposed by national competent authorities, including orders to cease the offending practice, financial penalties, access to documents and data (including data traffic records) and public notices naming the entity in breach.
Individual members of the management body may face personal liability for failure to meet their obligations under DORA.
DORA's five pillars give companies a new lens through which to examine their current ICT security programs.
How Stefanini Can Support DORA’s 5 Pillars
ICT Risk Management
Stefanini can help your teams identify the main areas of ICT risk, working alongside you to deliver a consistent, end-to-end risk evaluation.
Managed Security Services:
- Security Monitoring (NSOC)
- Detection & Response (MDR)
- Vulnerability Scanning (VMS)
- Threat Intelligence (TI)
- Security Platforms Support & Management
Advisory Services:
- Governance, Risk, Compliance & Privacy (GRC-P)
- Regulatory Compliance
- Consultancy & Assessment Services
ICT Incident Reporting
By building incident response processes and playbooks that map directly onto DORA's incident classification and reporting timelines, incident handling, regulatory reporting and recovery can proceed hand in hand.
Managed Security Services:
- Security Monitoring (NSOC)
- Detection & Response (MDR)
- Phishing Detection & Response (MPDR)
Cyber Resilience Services:
- CSIRT (Cyber Security Incident Response Team)
Digital Operational Resilience Testing
Many customers will lack both the skills and the capacity to carry out the rigorous, independent testing that DORA requires, including threat-led penetration testing for entities in scope. We can provide this in the following ways:
Cyber Resilience Services:
- Ethical Hacking
- Penetration Testing
- Threat Hunting
- CSIRT (Cyber Security Incident Response Team)
- Security Platforms Support & Management
Advisory Services:
- Consultancy & Assessment Services
- Technology Implementation Services
ICT Third-Party Risk Management
Under DORA, managing third-party, supply-chain and vendor ICT risk moves from a recommendation to an enforceable obligation, covering contractual requirements, concentration risk and ongoing monitoring of ICT service providers.
Advisory Services:
- Regulatory Compliance
- Consultancy & Assessment Services (third-party risk assessments)
Cyber Resilience Services:
- Penetration Testing
Information And Intelligence Sharing
Sharing cyber threat information and intelligence among financial entities is encouraged by DORA rather than mandated, but it strengthens the other four pillars.
Managed Security Services:
- Threat Intelligence (TI)
Advisory Services:
- Security Awareness & Training
EU Cyber Compliance Advisory
Learn how the Digital Operational Resilience Act (DORA) will strengthen digital resilience in the EU financial sector through rigorous ICT risk management and testing requirements. Applicable from January 17, 2025, the regulation will affect a broad spectrum of financial institutions and the ICT providers that serve them.