Intelligent CXO Issue 46 | Page 66

BUSINESS INSIGHTS

NAVIGATING THE POST-DORA LANDSCAPE

Businesses had two years to make sure they were compliant with the European Union's Digital Operational Resilience Act. DORA was designed to accomplish two main things – to address ICT risk management in the financial services sector and to harmonise risk management regulations that already exist in individual EU member states. Jason Smith, Senior Principal, Strategy & Transformation at Conga, outlines how organisations can comply with the regulations.

The European Union's (EU's) Digital Operational Resilience Act (DORA) entered into force on January 16, 2023, with an application date set for January 17, 2025. The legislation, which mandates that financial institutions strengthen their IT security and operational resilience, has forced businesses to adopt stringent new protocols or face serious penalties. Now that the transition period has drawn to a close, organisations need to remain vigilant and ensure that they and their partners are fully compliant.

As set out in the initial mandates, there are five core pillars to DORA. These include:
• ICT risk management – Financial institutions need to understand internal and external threats, evaluate their impact and develop appropriate strategies to mitigate them
• Incident reporting – Organisations must be transparent about data incidents and have robust systems to detect, report and analyse all incidents
• Digital operational resilience testing – Organisations must conduct a range of assessments and testing to demonstrate compliance and safety at all times
• Third-party risk management – Financial institutions have a responsibility to conduct due diligence and monitor third-party risk
• Information sharing – This includes establishing a framework for information sharing and ensuring this is done confidentially and in compliance with current data protection laws

DORA was designed to accomplish two main things. Firstly, to address ICT (information and communications technology) risk management in the financial services sector to prevent or reduce the harm posed by cyberattacks, data leaks and outages. Secondly, to harmonise risk management regulations that already exist in individual EU member states.
Initially, organisations were concerned with the scope of the DORA mandates. According to a report by McKinsey,
66 www.intelligentcxo.com