DORA regulation and Deloitte DORA Maturity Assessment Tool

We will guide you through a complete assessment of your DORA maturity, using our specialized tool.

DORA is an initiative of the EU on digital operational and cyber resilience relevant mainly to the financial services sector. The regulation introduces a single set of regulatory and supervisory rules for operational resilience of information and communication technologies and, among other things, requires financial institutions to make significant investments to improve their resilience to digital and cyber risks.

The regulation came into force at the beginning of 2023. Since then, institutions for which the regulation is applicable have 24 months to reflect the new rules in their processes. Are you ready?

Gallery

What is DORA?

DORA is one of the key elements of the EU Digital Finance Package with a significant impact on financial institutions, mainly their operational resilience and cyber security. 

For whom is DORA applicable?

DORA applies to the vast majority of entities operating in the financial services sector.                    

What does DORA bring?

DORA sets out binding rules in the following areas:

  • Classification and reporting of ICT-related incidents
  • Resilience testing of ICT tools and systems
  • ICT-related risk management framework
  • Third-party risk management
  • Threat information sharing      

Why is compliance with DORA important?

Enhancing the operational resilience and security of the financial sector is critical. This is also why failure to comply with any of the DORA obligations would make relevant entities face to corrective actions and / or sanctions. In fact, a penalty for obligation breaches may be as high as 1% of one‘s average daily worldwide turnover.  

PDF
Form

DORA Maturity Assessment Tool

At Deloitte, we have developed a specialized tool built based on all key aspects of DORA, providing you with a detailed overview of your organisation's digital resilience.

The resulting GAP analysis includes:

  • Spidercharts that clearly visualize strengths and weaknesses in each domain.
  • Heat maps to quickly identify priorities in each domain.
  • An overview of the ratings by each domain for a more detailed look at each aspect of DORA and your specific situation.

Test yourself with the DORA Maturity Self-Assessment

Although 24 months may seem like a relatively long time horizon, to ensure effective implementation of all the obligations set out in DORA, it is essential that all affected institutions start preparing for DORA compliance as soon as possible.

If you are interested to see how your organisation stands in the context of maturity, take a short test using the simplified version of the DORA Maturity Assessment Tool by clicking on the link above.

Links to relevant articles

DORA: EU regulation on digital operational resilience of financial institutions

The DORA aims to provide a comprehensive framework in order to harmonize digital resilience processes and standards across the financial sector. DORA also aims to strengthen the authorities of the supervisors and enables direct oversight.

How to correctly set up company compliance? Sensible rules and realistic expectations are key

Compliance is a phenomenon that attracts increasing attention in business circles. An effective compliance programme, from well-prepared codes of ethics to a balanced system of responsibility enforcement, is the foundation of high-quality, successful and secure corporate governance. However, keeping pace with the times and following the most modern trends is not an easy task for a company. Do you know how to set up such a company compliance system the right way?

DORA: Regulation on digital operational resilience and its impacts on financial entities

Regulation in the area of information and communication technology is to be unified into a single legislative act. The European Commission is preparing a set of measures including a Regulation on digital operational resilience for the financial sector (“DORA”). Read on to find out what the new legal initiative will bring and what obligations it will impose on financial entities.

Digital Operational Resilience Act: Changes to outsourcing risk management

The Digital Operational Resilience Act, known as DORA, came into force on 16 January 2023 and will take effect on 17 January 2025. Financial institutions and ICT service providers have less than 24 months to ensure compliance of their activities with the new rules. These apply, among other things, to the management of risks associated with third parties, in particular the management of outsourcing risks.

Contact us

Jakub Höll

Jakub Höll

Director
+420 734 353 815
Martin Antoš

Martin Antoš

Manager