DORA: Five steps to compliance

As the deadline for compliance with the Digital Operational Resilience Act, or DORA, draws near, global cyber security and investigations consultancy S-RM has identified five steps for financial institutions and their ICT providers to follow in order to achieve compliance.

DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions. Covering over 20,000 entities, including financial institutions, credit rating agencies and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing and third-party risk monitoring.

Katherine Kearns, head of proactive cyber services at S-RM, comments: “While DORA may seem complex, it essentially aggregates and prioritises many of the cyber security practices that financial entities in Europe have already been working towards. By focusing on the actionable steps outlined, organisations can not only meet compliance requirements but also strengthen their overall resilience to cyber threats.”

DORA represents both a challenge and an opportunity for the organisations that will be brought within its scope, including those companies headquartered in the UK with service offerings in the EU. To help organisations prepare, S-RM recommends the following steps:

1. Conduct a gap analysis to identify weaknesses against DORA’s requirements and establish a targeted plan to address them.

2. Educate management on their responsibilities under DORA and adopt a top-down approach to cyber security.

3. Test incident preparedness and recovery with key business and IT stakeholders.

4. Ensure readiness to classify security incidents and report major ICT-related incidents to the relevant competent authority within DORA’s reporting timelines, with the initial notification due no later than 24 hours after the entity becomes aware of the incident.

5. Update contracts with in-scope ICT third-party providers so that they include obligations around information security and risk management, as well as rights of inspection, access to information, and secure exit strategies.

DORA applies from 17 January 2025, the deadline by which in-scope entities must be compliant.


