
DORA

The Digital Operational Resilience Act (DORA) is a European Union regulation designed to improve the digital security of financial institutions and their service providers, ensuring that they can withstand, respond to, and recover from all types of ICT (Information and Communication Technology) threats and disruptions. Prior to DORA, there was no framework in place for the management or mitigation of ICT risks across the entire European financial sector.

DORA introduces five key ideas:

ICT risk management and governance (implementing controls, data recovery plans, and strategies for various cyber risk scenarios)
Establishing systems for incident reporting
Regular testing of ICT systems to assess protections and identify any vulnerabilities
Active risk management of third parties
Participation in incident learning processes and sharing of threat intelligence

DORA went into effect on January 17th 2025, and all entities and providers that fall within its scope must comply fully with its requirements or risk fines and penalties.

Updated on: 16/04/2025
