The Digital Operational Resilience Act (DORA), in effect since January 17, 2025, is a significant development in EU financial regulation. It addresses operational resilience, particularly with respect to information and communication technology (ICT) risks.
DORA acknowledges the importance of third-party providers to the financial sector and lays down rules for their management.
Financial companies depend on ICT services for key tasks, which makes these providers vital to DORA compliance. A company's efforts to comply with the risk management, incident reporting and operational testing requirements contribute to the stability and security of the financial system.
Let's explore the categories of ICT providers, the key responsibilities and the steps that can be taken to help financial institutions comply with DORA.
Categories of ICT providers under DORA
Understanding the role of ICT providers is important for financial institutions under DORA because these providers play an important role in supporting the organization's operational functions and resilience.
DORA categorizes ICT providers into two main groups based on their importance to financial institutions:
- Basic ICT service providers: Provide standard ICT services in support of critical financial institutions. Example: A local IT company providing basic software maintenance or help desk support.
- Critical ICT service providers: Provide services that financial institutions deem to support one (or more) of their "critical or important functions", meaning those functions the company considers essential to its core operations. Example: A cloud storage provider hosting sensitive financial data, or a supplier of a payment processing system.
Knowing these categories helps to evaluate and manage the risks associated with outsourcing and relying on external technology services.
Key responsibilities of financial institutions
Under DORA, financial institutions have five key pillars of responsibility for ensuring their operational resilience:
ICT risk management: Financial institutions are expected to implement frameworks for identifying, evaluating and mitigating ICT-related risk. This includes regular risk assessments, identification of potential vulnerabilities and developing strategies for addressing these risks. Comprehensive security measures to protect against cyber threats and data breaches are generally considered important.
Incident reporting: Early and accurate reports of ICT incidents are essential. Financial institutions are expected to have systems in place for detecting, evaluating and reporting incidents that affect their services or customers. This includes establishing clear channels and procedures for classifying incidents based on severity.
Digital operational resilience testing: DORA outlines that financial institutions should perform regular testing of their systems, including advanced penetration testing on critical systems. The aim of this testing is to increase their ability to withstand and recover from disruption and to support the continuity of services in demanding situations.
Third-party risk management: Financial institutions should actively monitor and manage the risks associated with their ICT service providers, as well as the subcontractors and suppliers of those providers. In this way, financial institutions can help ensure strong resilience and security throughout the supply chain.
Information sharing: DORA considers open communication and cooperation within the financial ecosystem important. This may include sharing intelligence, sector-wide participation and contributing to the overall resilience of the financial sector.
DORA may apply to American companies if the organization provides financial services in EU territory. DORA is not just for EU companies; it covers any company outside the EU that has financial activities in the region and ensures that all parties contribute to digital resilience.
In addition, DORA may indirectly affect non-financial services, given the obligations that fall on ICT providers. Because financial institutions depend on these basic service providers, companies in the ICT sector may find that they must meet certain standards and procedures to maintain and support the operational resilience of their financial customers.
Preparing for DORA compliance
As a financial entity, consider these steps to support your organization's efforts to comply with DORA's guidelines:
- Conduct a comprehensive self-assessment: Evaluate your current alignment with DORA requirements and identify potential gaps and areas for improvement.
- Update documentation and policies: Review and revise your internal policies, procedures and documentation to align with DORA's guidelines.
- Improve security measures: Consider implementing or upgrading security controls, focusing on areas such as access management, encryption and network segmentation.
- Develop a response plan: Create a detailed plan aimed at addressing DORA's incident management guidelines.
- Continuous monitoring: Consider setting up systems for continuous monitoring of your ICT infrastructure to support alignment with DORA.
Cisco can help financial institutions through a comprehensive security portfolio that aims to strengthen their operational resilience and support their alignment with the DORA framework. Our integrated approach can help address key areas, including risk management, incident reporting and digital resilience testing. Some of the recommended Cisco solutions include:
Cisco Secure Workload: Helps with risk management by providing visibility into workload behavior and maintaining security.
Cisco XDR: Simplifies security operations by correlating data from multiple security layers, applying advanced analytics for prioritization and responding to threats.
Cisco Talos: Provides threat intelligence to support continuous monitoring and incident response.
Cisco ThousandEyes: Tests digital resilience by monitoring digital ecosystems and ICT partners.
Cisco Security Suites: Offer comprehensive security solutions that integrate multiple technologies for holistic protection. These include Cisco User Protection Suite to protect user and data access, Cisco Cloud Protection Suite for cloud-native environments and Cisco Breach Protection Suite for advanced defense.
Visit our website for an overview of Cisco’s security portfolio.
Conclusion
DORA represents a significant shift in how financial institutions approach operational resilience and risk management. By understanding and implementing DORA's requirements, financial institutions can manage their ICT service providers and help ensure the stability of their operations. This regulation not only mandates compliance, but also offers financial companies the opportunity to strengthen their security posture and build strong partnerships with their ICT providers. Adopting the DORA framework helps them navigate the complexities of their digital landscape while maintaining trust and confidence in their services. By fostering a culture of resilience and cooperation, financial institutions can contribute to the overall stability and security of the financial system.
For more information on how Cisco can support your efforts to align with DORA, consider these resources:
Video: Accelerate digital transformation with DORA (:51)
White paper: Navigating DORA with Cisco Security Solutions (PDF)
Blog: Four ways complying with DORA is an opportunity for organizations to speed up digital transformation
Blog: DORA checklist: 3 key areas to track