The Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (aka Digital Operational Resilience Act - DORA) has been adopted by EU in November 2022. Targeting any financial entity within EU, as well as critical providers of ICT services to financial entities, it aims to create a harmonized regulatory framework on digital operational resilience. To achieve this, the practice of ICT risk management is brought to the foreground, along with requirements on operational resilience testing and indentification, handling, and notification of operational resilience incidents.
The National Competent Authorities of Member States will need to enforce the regulation and supervise compliance, with the power to impose administrative penalties on members of the management body of the non-conformant financial entity.
All EU-based financial entities and providers of critical ICT services to financial entities:
||ICT Service Providers
|BFSI sector entities
||Cloud Service Providers (CSPs)
||Fraud Management Providers
||Managed Security Service Provides (MSSPs)
||Payment Solutions Providers
Therefore, in case your organization falls under one of the above categories, compliance with DORA will be required.
SpearIT can support and guide your organisation throughout the proactive steps towards compliance with DORA. Our experience in compliance projects with both types of entities, ensures cost-effective and practical compliance: