This guide will introduce you to key elements of the DORA (Digital Operational Resilience Act) framework, such as:
For organisations operating in the financial sector, government interference and regulatory oversight are nothing new. It stands to reason, of course: finances dictate so much of how a country and society functions that the power of government could be hobbled should the financial sector be struck down or left impotent. Furthermore, a secure financial market draws business to itself, which is obviously desirable for all governments.
In 2020, the ESRB (European Systemic Risk Board) examined systemic cyber risk in the EU financial sector. The resulting report found that the primary risks arose from key developments in modern networks and ways of doing business:
It was a combination of these factors that led the EU to create DORA. As a regulation, DORA will be enforced from a fixed date regardless of what any member state does. Some countries may apply more restrictive conditions, but it is not possible for any of them to override DORA to relax requirements.
Buy this guide today and begin your DORA compliance journey.
Andrew Pattison is the head of GRC consultancy at IT Governance Europe. He has been working in information security, risk management and business continuity since the mid-1990s, helping large international organisations across many sectors. Andrew is a certified auditor, as well as holding CISM® and CRISC® certifications. He has provided extensive training in multiple GRC fields and is an approved APMG trainer.