DORA
Digital Operational Resilience Act
Strengthening the resilience of ICT systems and processes
New EU regulation
What we know
With DORA (Digital Operational Resilience Act), the EU has introduced cross-sector regulation for the management of ICT risks in the financial sector. Banks, insurance companies and other financial players must make adjustments to their IT systems by mid-January 2025. DORA is intended to consolidate the previously inconsistent national regulations, which differ in their requirements and in the powers of the supervisory authorities. The background to this is the increasing data-driven value creation and the use of cloud sourcing in the financial industry, where supervisors aim to accompany the industry and manage the resulting risks.
The most important changes relate to third-party ICT risks and resilience tests in the financial sector. In the future, outsourcing will require consideration of the concentration risk with third-party providers and the identification and special supervision of critical functions. Supervisory authorities receive extended rights of intervention, including the right to order contract terminations.
The frequency of penetration and stress tests will increase and a framework for tester requirements and qualifications will be introduced.
We provide you with full support:
- Carrying out gap analyses (-> BAIT)
- Revision of the written regulations (sfO) and the associated processes
- Implementation of measures in the area of detection & response such as SIEM, SOAR and XDR
- Carrying out security audits of individual service companies/service providers
- Implementation of penetration tests
- Conception and implementation of an individualized ISMS according to ISO 27001
Your contact
You can always reach us personally, because a loyal, partnership-based relationship is far more important to us than short-term success.
Philipp Kalweit
Managing Partner
+49 40 285 301 257