Digital Operational Resilience Act (DORA)

DORA (Digital Operational Resilience Act), Regulation (EU) 2022/2554, is a regulatory act of the European Union that establishes uniform requirements for the operational resilience of financial institutions in the context of digital transformation. DORA's main goal is to ensure the financial sector's resilience to cyber threats, IT disruptions, and other operational risks.

DORA applies to a wide range of financial organizations, including banks, insurance companies, payment systems, crypto asset services, investment firms and other financial market entities. The regulation also affects IT service providers that work with financial institutions (for example, cloud providers).

Financial institutions operating in the European Union must report to regulators on their operational resilience and on incidents. In case of non-compliance with DORA requirements, the regulator may impose significant fines and other sanctions on the organization.

Our DORA compliance assessment methodology is based on the following key aspects:

  • Integrated approach. Our assessment covers all areas described in the Act: IT risks, cybersecurity, incident management, resilience testing, and third-party risk management.
  • Using best practices. Our auditors rely on international standards and frameworks such as ISO 27001, NIST, and COBIT.
  • Interaction with regulators. Our team regularly collects feedback on assessment results from regulators and customers. Working with regulators gives us an understanding of the supervisory authorities' requirements and expectations.

Assessment stages

1. As part of the preparatory phase, we define the goals and boundaries of the assessment, collect and analyze the company's current policies and work regulations, and prepare an audit plan.
2. As part of the preparatory phase, we define the goals and boundaries of the assessment, collect and analyze the company's current policies and work regulations, and prepare an audit plan.
3. We prepare reporting documents for submission to the supervisory authorities, which provide an analysis of all identified shortcomings and strengths. We also prepare recommendations that propose measures to eliminate the identified problems and improve compliance with DORA requirements.

Project outcomes

Based on the assessment results, we prepare:

  • Report for submission to the regulator
  • Action plan to eliminate the identified deficiencies (Roadmap)

As part of the support, we provide control over the implementation of recommendations and the improvement of processes. If necessary, we schedule a repeat audit.