BUSINESS INSIGHTS
existing contracts and assessing ICT third-party risks on a regular basis.
A gap analysis is a strategic planning method that involves comparing an organisation’s current performance to its desired performance. In the case of DORA, a gap analysis would be used to identify and address gaps in a company’s current ICT policies.
Assessing third-party risk will also be key. This is particularly true in the wake of the CrowdStrike outage in July 2024, which disabled an estimated 8.5 million Microsoft devices and affected businesses around the world. Regulatory bodies will be extra cautious, monitoring organisations to ensure this kind of event never happens again.
Moving forward, all enterprises have to consider their third-party providers’ security, as well as where their customer data is stored and to what extent they can audit the services of the provider. Most importantly, financial institutions need to hold their vendors accountable.
The more prepared firms would have implemented a centralised contract lifecycle management (CLM) system to automate vendor risk assessments and contractual agreements to ensure that they met the new standards. Others may still have gaps in their third-party risk oversight and any new contracts will pose further compliance issues.
CLM and contract intelligence software enable organisations to extract commercial terms from a contract and transform them into verified data. As this can be done in bulk, it allows for a much more efficient process when it comes to identifying risks. Artificial Intelligence (AI) can also be utilised to identify any potential risks and suggest alternative language to mitigate these risks.
2025: Navigating the regulatory landscape
Now that DORA has been fully implemented, the most important thing for financial organisations is to ensure that they understand the regulations fully and keep on top of their contracts, existing and new, including those with partners and third parties, in order to avoid falling foul of compliance. DORA is not a one-time effort and, in the post-DORA landscape, organisations will need to be agile and prepared for any potential changes in future legislation. Operational resilience is now a strategic imperative.
The best way for a business to approach this is to review its data and systems, and to establish and invest in the right technologies to ensure that it is in the best position to adapt to regulatory updates or changes and navigate the ever-changing business landscape.
www.intelligentcxo.com