Ready for DORA Regulation January 2025?

The EU has introduced a new regulation aimed at bolstering the digital operational resilience of financial entities operating within its borders. Known as the Digital Operational Resilience Act (DORA), this comprehensive framework establishes a set of rigorous information security and operational resilience requirements that financial firms must adhere to.

At its core, DORA mandates that financial institutions implement robust risk management frameworks, governance policies, and security strategies to identify, assess, and mitigate risks associated with their information and communication technology (ICT) systems. This includes conducting regular independent audits, implementing incident response and business continuity plans, and monitoring and testing ICT systems and security controls.

One of the key focus areas of DORA is third-party risk management. Financial entities must have a robust framework in place to identify, assess, and manage risks associated with their third-party service providers, ensuring that their partners adhere to the same high standards of digital operational resilience.

Additionally, DORA sets specific requirements for the use of cryptographic techniques, endpoint device security, and information sharing among financial institutions and regulatory authorities. Firms must also conduct regular digital operational resilience testing, including scenario-based testing and threat intelligence gathering, to assess their ability to withstand and recover from potential cyber threats and operational disruptions.

By establishing these comprehensive information security and operational resilience requirements, DORA aims to enhance the overall digital resilience of the financial sector in the European Union, safeguarding financial institutions and their customers from the ever-evolving cyber threats and operational risks that can disrupt critical financial services.

As financial firms navigate the complexities of DORA implementation, they must prioritise the development of robust governance frameworks, risk management strategies, and operational resilience capabilities to ensure compliance and protect their digital assets and operations from potential threats.

Fortis Cyber has the skillset and expertise to support organisations in getting ready for compliance. Time flies, and this regulation comes into effect in January 2025, so get your ducks in a row now.
