Digital Operational Resilience Act - DORA What is DORA? In response to the continual surge in cyberattacks and the growing reliance on technology, financial institutions find themselves obliged to embark on transformation projects and remediation initiatives to align with the latest regulatory frameworks. The DORA regulation will apply from 17 January, 2025.The Digital Operational Resilience Act (DORA) is a new regulation adopted by the European Parliament that applies to the financial sector. It was adopted by the European Council in November 2022 and published in December 2022. DORA’s objective is to strengthen and harmonise the "digital operational resilience" of the financial sector within the European Union.DORA establishes a set of requirements aimed at enhancing the level of digital operational resilience of financial institutions within the European Union, and their ICT service providers irrespective of their location, by proposing a harmonised approach to existing rules, where they exist. What are the key requirements of DORA compliance? Requirements are organised around five key pillars: Management of risks related to Information and Communication Technology (ICT) Management and reporting of incidents related to ICT Digital Operational Resilience Testing Management of risks related to third-party ICT service providers Sharing information and intelligence related to cyber threats DORA regulation key dates Effective on January 16, 2023, financial institutions have approximately 24 months to comply with the DORA regulation. During this period, it will be supplemented by several Regulatory Technical Standards (RTS) / Implementing Technical Standards (ITS) developed by the European supervisory authorities. These will provide detailed specifications for the technical implementation of certain requirements of the regulation. How can we help?Protiviti offers comprehensive support throughout the entire DORA journey towards heightened digital resilience utilising specially designed tools to analyse your current maturity level, pinpoint areas for improvement in each chapter, and propose tailored measures for regulatory fulfillment, supporting you to operationalise against DORA expectations, and embedding an enduring capability.Our expert teams possess the essential skills, knowledge, and specialised experience. With ongoing training and relevant professional certifications in IT audit, cybersecurity, and project management including CISA, CISM, CISSP, ISO 27001, ISO 22301, TOGAF, ITIL, OneTrust, we demonstrate a commitment to maintaining the highest level of expertise. Leadership Milena Danielsen Strategy planning & implementation Leadership sparring partner Next gen organisations & ecosystems. Milena is a highly skilled leader with a passion for changing and challenging environments. She has more than 15+ years of experience of ... Learn more Whitepaper May 28, 2024 DORA Compliance: Untangling Key Hurdles to Implementation The Digital Operational Resilience Act (DORA), or more formally known as Regulation (EU) 2022/2554, took effect on 16 January 2023, with final industry compliance required by 17 January 2025. The regulation underscores the importance of digital operational resilience in today’s increasingly interconnected and digitized landscape and seeks to expand the reach of... Read more