DORA requirements for the financial sector
Understanding DORA – Managing Risks – Strengthening Resilience
The DORA regulation affects financial companies and ICT third-party service providers in the EU, e.g. credit institutions, securities firms or institutions for occupational retirement provision. The measures are diverse: the focus is on implementing robust ICT risk management systems to identify and manage threats. As reporting of ICT-related incidents will become mandatory, companies must build systems for the detection, classification and reporting of these incidents. Regular tests are required to check the resilience of systems and processes against cyber attacks – including Threat-led Penetration Testing (TLPT). Companies must also ensure that their third-party providers meet the requirements of DORA and must therefore assess and manage the ICT risks emanating from those providers. This applies in particular to ICT third-party service providers that are considered critical to the resilience of financial companies, such as cloud computing services or software-as-a-service solutions.
The implementation of DORA requires a structured approach – this is where we use our expertise: We review and evaluate your ICT systems and processes, check compliance with DORA and systematically identify possible adjustments. In this way, we pave the way for secure and resilient IT structures.