Digital Operational Resilience Act DORA What is DORA? In response to the continual surge in cyberattacks and the growing reliance on technology, financial institutions find themselves obliged to embark on transformation projects and remediation initiatives to align with the latest regulatory frameworks. The DORA regulation will apply from 17 January, 2025.The Digital Operational Resilience Act (DORA) is a new regulation adopted by the European Parliament that applies to the financial sector. It was adopted by the European Council in November 2022 and published in December 2022. DORA’s objective is to strengthen and harmonise the "digital operational resilience" of the financial sector within the European Union.DORA establishes a set of requirements aimed at enhancing the level of digital operational resilience of financial institutions within the European Union, and their ICT service providers irrespective of their location, by proposing a harmonised approach to existing rules, where they exist. What are the key requirements of DORA? Requirements are organised around five key pillars: Management of risks related to Information and Communication Technology (ICT) Management and reporting of incidents related to ICT Digital Operational Resilience Testing Management of risks related to third-party ICT service providers Sharing information and intelligence related to cyber threats DORA regulation key dates Effective on January 16, 2023, financial institutions have approximately 24 months to comply with the DORA regulation. During this period, it will be supplemented by several Regulatory Technical Standards (RTS) / Implementing Technical Standards (ITS) developed by the European supervisory authorities. These will provide detailed specifications for the technical implementation of certain requirements of the regulation. How can we help?Protiviti offers comprehensive support throughout the entire DORA journey towards heightened digital resilience utilising specially designed tools to analyse your current maturity level, pinpoint areas for improvement in each chapter, and propose tailored measures for regulatory fulfillment, supporting you to operationalise against DORA expectations, and embedding an enduring capability.Our expert teams possess the essential skills, knowledge, and specialised experience. With ongoing training and relevant professional certifications in IT audit, cybersecurity, and project management including CISA, CISM, CISSP, ISO 27001, ISO 22301, TOGAF, ITIL, OneTrust, we demonstrate a commitment to maintaining the highest level of expertise. Leadership Laura Moore Laura is a Managing Director in Protiviti’s Risk and Compliance (R&C) practice with over 20 years financial services experience. She is the lead for the UK’s Operational Resilience team and has a deep understanding of the key operational resilience concepts and ... Learn more Digital Twins: Adopting a Data-Centric Approach to Mature Resilience A data-centric approach, where data plays a significant role in assessing resilience, is crucial. However, organisations often struggle with poorly governed, low-quality data that lacks integrity, availability and authenticity. Manual data sourcing further complicates matters, affecting timeliness and accuracy. Read more DORA Compliance: Untangling Key Hurdles to Implementation The Digital Operational Resilience Act (DORA), or more formally known as Regulation (EU) 2022/2554, took effect on 16 January 2023, with final industry compliance required by 17 January 2025. Read more