Digital Operational Resilience Act - DORA

What is DORA?

In response to the continual surge in cyberattacks and the growing reliance on technology, financial institutions are obliged to embark on transformation projects and remediation initiatives to align with the latest regulatory frameworks. The DORA regulation came into effect on 17th of January 2025.

The Digital Operational Resilience Act (DORA) is a new regulation adopted by the European Parliament that applies to the financial sector. It was adopted by the European Council in November 2022 and published in December 2022. DORA’s objective is to strengthen and harmonise the "digital operational resilience" of the financial sector within the European Union.

DORA establishes a set of requirements aimed at enhancing the level of digital operational resilience of financial institutions within the European Union. DORA also applies to their ICT service providers, irrespective of their location.


What are the key requirements of DORA?

Requirements are organised around five key pillars:

  1. Management of risks related to Information and Communication Technology (ICT)
  2. Management and reporting of incidents related to ICT
  3. Digital Operational Resilience Testing
  4. Management of risks related to third-party ICT service providers
  5. Sharing information and intelligence related to cyber threats

DORA regulation key dates

From January 16, 2023, financial institutions were given approximately 24 months to comply with the DORA regulation. Several Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) developed by the European supervisory authorities applied during this period. These provide detailed specifications for the technical implementation of certain requirements of the regulation.


How can we help?

Protiviti Netherlands offers comprehensive support throughout the entire DORA journey towards heightened digital resilience. We use specially designed tools to analyse your current maturity level, pinpoint areas for improvement in each chapter, and propose tailored measures for regulatory fulfilment. We also help you operationalise against DORA expectations and embed a lasting capability within your organisation.

Our expert teams possess the essential skills, knowledge, and specialised experience. This is coupled with ongoing training and relevant professional certifications in IT audit, cybersecurity, and project management, including CISA, CISM, CISSP, ISO 27001, ISO 22301, TOGAF, ITIL, and OneTrust. This shows a commitment to maintaining the highest level of expertise.

DORA Compliance: Untangling Key Hurdles to Implementation

Whitepaper

May 28, 2024
12 min read

The Digital Operational Resilience Act (DORA), or more formally known as Regulation (EU) 2022/2554, took effect on 16 January 2023, with final industry compliance required by 17 January 2025. The regulation underscores the importance of digital operational resilience in today’s increasingly interconnected and digitised landscape and seeks to expand the reach of...