Implementing EU’s Digital Operational Resilience Act (DORA)


The DORA framework entered into force on January 16, 2023, and represents the EU’s most important regulatory initiative on operational resilience and cybersecurity in the financial services (FS) sector. Organizations will have 24 months to implement the regulations.

What does the DORA framework require?

  • The DORA will require firms to adopt a broader business view of resilience, with accountability clearly established at the Board level. It applies to the vast majority of FS firms operating in the EU and establishes binding rules for ICT risk management, incident reporting, resilience testing and third-party risk management (TPRM).
  • The DORA also establishes the world’s first framework that allows FS supervisors to oversee Critical ICT Third Party Providers (CTPPs) including Cloud Service Providers (CSPs).

How can Deloitte help?

Deloitte can help organizations along the entire journey towards compliance with DORA by assessing the current readiness and proposing measures to meet the regulatory requirements while customizing the remediation plan to your specific environment. Deloitte can help with different activities allowing companies to improve their current capabilities and to implement DORA’s new requirements.


Contacts

Andrei Ionescu

Market Leader Consulting

Partner leading the Consulting and Risk Advisory service lines in the Romania & Moldova practice. Andrei has more than 20 years of experience in risk management, cyber risk, internal audit, fraud mana...

Sergiu Zaharia

Director

Sergiu is Cyber Strategy Advisory Director with more than 20 years of experience in Defense, Telco, Financial, Retail, Manufacturing and other sectors as security advisor, trainer and CISO/BCM Manager...