Is your organization ready for DORA? Here's what you need to know

Announced as part of the new digital finance strategy, the Digital Operational Resilience Act (DORA), initiated by the European Union (EU), is harmonizing Information and Communications Technology (ICT) risk requirements across Europe, including the UK. 

DORA is a direct consequence of the several inconsistent, national, non-harmonized regulatory initiatives conducted over recent years, as Information and Communications Technology (ICT) risk has been addressed in different ways by various financial supervisors within the European Union (EU).

DORA is still being analyzed and discussed by the European Parliament and Council and should be ready to go into action early 2022 - pushed back from the end of 2021 date initially planned. However, progress shows that the Council adopted a general approach on the Commission's proposal. Negotiations with the European Parliament will follow.

Regardless of DORA’s delay, its scope and criteria remain the same. DORA will target the financial services industry and banking sector, as well as the critical ICT service providers found within the perimeter of their third-party business relations. This means that the regulations will also apply to a considerable number of companies that were never subject to specific ICT regulations previously.

Compliance in a short timeframe

DORA will require all organizations to implement secure technology strategies and processes to raise overall supply chain resilience. Cyber risk management strategies and third-party risk management programs in particular need to evolve to address DORA’s five key pillars:

• ICT Risk Management
• ICT Incident Reporting
• Digital Operational Resilience Testing
• Information and Intelligence Sharing
• ICT Third-Party Risk Management

The timeframe for meeting compliance standards will be relatively short, despite the complexity expected with the new framework. Understanding DORA, as well as acknowledging its roadmap and timeline, is important for all eligible firms so that CIOs, CISOs, and compliance managers can start planning immediately and hit the ground running when it’s time.

Bitsight can help your organization find the best path for this journey. With a suite of solutions based on industry-leading Security Ratings service, Bitsight helps firms identify risk in their digital ecosystems, enabling security teams to prioritize resources to remediate the most high-stakes vulnerabilities.

By trusting Bitsight to help you get on track with DORA, you will have access to:

• Data-driven insights on how to meet industry standards and regulatory requirements.
• Continuous monitoring of your attack surface so that you can regularly assess your entire security program with real-time data, and remediate any gaps in controls.
• Sound security program governance over your organization’s evolving first-, third-, and fourth-party footprint that takes into account your risk appetite.
• Evidence-based strategies and assurance to drive confidence in your security program.

And most importantly: We will be there with you every step of the way. To learn more about how Bitsight can help your organization comply with DORA, please check our Solution Brief, and read our DORA eBook prepared as a comprehensive guide to the upcoming regulatory requirements. You can also check our webinar discussing DORA to know more about using Third-Party Risk Management to harmonize ICT risk in the EU financial sector.