Digital Operational Resilience Act (DORA)

The European Union (EU) Digital Operational Resilience Act (DORA) is a piece of regulation developed by the EU to establish a comprehensive framework for operational resilience in the financial sector.

DORA aims to ensure that financial institutions are able to withstand and recover from cyber attacks, IT failures, and other operational disruptions that could impact financial stability.

In order to comply with DORA, businesses will need to:

1. Assess their operational resilience: Institutions will need to assess their operational resilience by identifying key business services and mapping the IT systems and processes that support them. This will help them to identify and prioritize risks related to cyber threats, IT failures, and other operational disruptions.

2. Implement appropriate controls: Institutions will need to implement appropriate controls to mitigate the risks identified in their operational resilience assessments. This may include technical and non-technical measures, such as access controls, encryption, backups, incident management, and third-party supplier management.

3. Report incidents: Institutions will need to report any significant operational incidents to their national regulators, including cyber incidents, IT failures, and other operational disruptions that impact their business services.

4. Establish testing and review processes: Institutions will need to establish regular testing and review processes to ensure that their operational resilience measures remain effective and appropriate.