Digital Operational Resilience Act

ICA Consultancy: Five Pillars of DORA

Need to comply with DORA, but don't know where to start?

The Digital Operational Resilience Act (DORA) is an EU regulation that aims to ensure financial entities can withstand, respond to and recover from ICT (Information and Communication Technology) disruptions and cyberattacks.

Financial entities within the scope of DORA need to be compliant by 17th January 2025.

The Five Pillars of DORA

Risk Management

Financial institutions must:

  • Conduct regular and thorough risk assessments to identify potential threats and vulnerabilities within their information and communication technology (ICT) systems.

  • Maintain comprehensive response and recovery plans so that ICT-related incidents can be handled effectively and services restored.

Incident Management

Financial institutions must:

  • Establish a clear incident classification scheme to categorise incidents based on their severity and potential impact.

  • Conduct regular post-incident reviews to identify and implement lessons learned.

  • Report major ICT-related incidents to the relevant competent authority.

Digital Operational Resilience Testing

Financial institutions must:

  • Regularly test ICT systems and processes to assess their resilience and identify potential weaknesses.

  • Simulate different types of disruption to evaluate the effectiveness of response and recovery plans.

  • Review test results and act on the findings, tracking remediation to completion.

Third-Party Risk Management

Financial institutions must:

  • Evaluate the risks associated with ICT service providers, ensuring appropriate security standards are met.

  • Conduct thorough due diligence on third-party providers, including assessing their security practices.

  • Continuously monitor third-party providers and take corrective action where required.

Information Sharing

Financial institutions should:

  • Share relevant information with competent authorities.

  • Contribute to the development of threat intelligence by sharing information about observed threats and vulnerabilities.

  • Participate in information-sharing initiatives with other financial institutions and industry stakeholders.

How we can help!

01. DORA Readiness Assessment

02. Compliance Roadmaps

03. Risk Assessments & Management

04. Incident Planning & Exercises

05. Third-Party Risk Management

Get started with our DORA Readiness Assessment

We assess your compliance against the requirements of the Digital Operational Resilience Act, identify gaps and provide contextualised, actionable recommendations. This gives you the foundations to meet your regulatory obligations, protect your information and further develop your operational resilience.