Dora: A guide to the EU digital operational resilience act

DORA - A guide to the EU Digital Operational Resilience Act

This guide will introduce you to key elements of the DORA (Digital Operational Resilience Act) framework, such as:

• The implementation process;
• Risk management;
• Incident response and reporting;
• Digital operational resilience testing; and
• Information and intelligence sharing.

For organisations operating in the financial sector, government interference and regulatory oversight are nothing new. It stands to reason, of course: finances dictate so much of how a country and society functions that the power of government could be hobbled should the financial sector be struck down or left impotent. Furthermore, a secure financial market draws business to itself, which is obviously desirable for all governments.

In 2020, the ESRB (European Systemic Risk Board) examined systemic cyber risk in the EU financial sector. The resulting report found that the primary risks arose from key developments in modern networks and ways of doing business:

- High levels of interconnectedness across financial entities and markets.

- Interdependence between systems - e.g. payments systems, securities clearing and settlement, claims management, peer-to-peer finance, etc.

- Deepened interconnectedness between financial entities and third-party service providers and suppliers.

- Financial entities deploy services across national borders and cyber threats know no borders.

- Likelihood that vulnerabilities can propagate across the entire EU financial system, compromising stability of EU financial systems.

It was a combination of these factors that led the EU to create DORA. As a regulation, DORA will be enforced from a fixed date regardless of what any member state does. Some countries may apply more restrictive conditions, but it is not possible for any of them to override DORA to relax requirements.

Buy this guide today and begin your DORA compliance journey.

IT Governance Publishing (ITGP) is the world’s leading IT-GRC publishing imprint and wholly owned by IT Governance Ltd. ITGP provides books and tools covering all IT governance, risk management and compliance frameworks, producing unique and practical publications of the highest quality, in the latest formats available, and which readers will find invaluable.