{"id":7806,"date":"2024-01-14T14:20:58","date_gmt":"2024-01-14T13:20:58","guid":{"rendered":"https:\/\/www.gpsj.co.uk\/?p=7806"},"modified":"2024-01-14T14:29:16","modified_gmt":"2024-01-14T13:29:16","slug":"understanding-dora-navigating-the-digital-operational-resilience-act","status":"publish","type":"post","link":"https:\/\/www.gpsj.co.uk\/?p=7806","title":{"rendered":"Understanding DORA: Navigating the Digital Operational Resilience Act"},"content":{"rendered":"\n

“What is the Digital Operational Resilience Act (DORA), and what will be the impact on your business?” asks Claire Agutter as she discusses the new DORA regulations.<\/strong><\/p>\n\n\n

\n
\"\"
Claire Agutter<\/figcaption><\/figure>\n<\/div>\n\n\n

The watchdog organisation, Which?, has warned about the consequences of transitioning to digital payments, highlighting that many financial institutions report failures and outages daily. While major outages like TSB have gained attention in the news, Which emphasises that this is a daily occurring issue and urges consumers to be cautious, and the new DORA regulations should help financial institutions to minimise the risk of hefty fines, over \u00a349m in TSB’s case.<\/p>\n\n\n\n

DORA is a significant development in EU financial regulation – the Digital Operational Resilience Act (DORA) – Regulation (EU) 2022\/2554. DORA addresses a crucial gap in managing operational risk for financial institutions, focusing on the protection, detection, containment, recovery, and repair capabilities against ICT-related incidents. DORA is binding and directly applicable in all EU Member States as a Regulation, not a Directive.<\/p>\n\n\n\n

In this article, Claire Agutter will discuss how financial institutions managed operational risk before DORA mainly through capital allocation, but this did not comprehensively cover all components of operational resilience. DORA introduces rules for managing ICT risk, incident reporting, functional resilience testing, and third-party risk monitoring. It acknowledges that ICT incidents and a lack of operational resilience can jeopardise the stability of the entire financial system.<\/p>\n\n\n\n

The financial landscape in the European Union (EU) is on the verge of a transformative shift with the imminent arrival of the Digital Operational Resilience Act (DORA) – Regulation (EU) 2022\/2554. This groundbreaking regulation aims to revolutionise financial institutions’ operational risk management, specifically focusing on the protection, detection, containment, recovery, and repair capabilities against ICT-related incidents. In this article, Claire will look at the significance of DORA for businesses beyond the financial sector, exploring its implications and offering practical tips for compliance.<\/p>\n\n\n\n

Traditionally, financial institutions managed operational risk through capital allocation. However, this approach fell short of ensuring comprehensive operational resilience. DORA fills this crucial gap by introducing rules for managing ICT risk, incident reporting, functional resilience testing, and third-party risk monitoring. The acknowledgement that ICT incidents can jeopardise the stability of the entire financial system underscores the urgency and importance of DORA.<\/p>\n\n\n\n

What does DORA Mean for Your Business?<\/strong><\/p>\n\n\n\n

DORA establishes uniform requirements for the security of networks and information systems supporting the business processes of financial entities. Its scope extends beyond traditional financial institutions, encompassing non-traditional entities like crypto-asset service providers and crowdfunding platforms. Third-party service providers like cloud and data centres are also brought under the regulatory umbrella. DORA sets a deadline of January 17, 2025, for compliance, necessitating a strategic and timely approach for businesses to align with the new standards. But the question many have is, where do I start? Here are six practical steps for DORA Compliance:<\/p>\n\n\n\n

    \n
  1. Review and Strengthen ICT Risk Management:<\/li>\n<\/ol>\n\n\n\n

    DORA places the responsibility on the management body of entities to define and execute appropriate ICT risk management strategies actively. Continuous risk assessments, cyber threat identification, and comprehensive frameworks are essential. As regulatory technical standards (RTS) are still being developed, businesses should stay informed and be prepared to align with forthcoming guidelines.<\/p>\n\n\n\n