With the Digital Operational Resilience Act (DORA), the financial sector is facing a significant regulatory change. As your reliable partner for IT regulation and project management, FinIT Consult would like to inform you about the latest developments and assist you with successful implementation.
Time frame and objectives
DORA came into force on 16 January 2023 and will be mandatory from 17 January 2025. The aim is to strengthen digital operational resilience in the financial sector through a standardised set of rules for ICT risks and cybersecurity.
BaFin's implementation guidance: An overview
BaFin has developed detailed implementation guidelines in cooperation with Deutsche Bundesbank and industry representatives. These address the following key areas:
- Governance and organisation
- Information risk and information security management
- IT operations
- ICT business continuity management
- IT project management and application development
- ICT third-party risk management
- Operational information security
- Identity and rights management
Key innovations and challenges
ICT business continuity guideline
One major innovation is the introduction of a specific guideline for ICT business continuity. It must contain detailed instructions for responding to ICT incidents, containment measures and damage assessments.
Extended emergency management
Financial organisations need to expand their contingency management to include new scenarios, including climate change impacts, insider attacks, political and social instability and large-scale power outages.
Operational stability and system updates
DORA requires continuous updating of ICT systems and their stability even during periods of stress - a requirement that goes beyond previous regulations.
ICT services and third-party providers
The definition of ICT services has been expanded, which requires a more comprehensive assessment of all ICT-related third-party relationships.
ICT risk control function
DORA introduces a new function responsible for the management and monitoring of ICT risks. This goes beyond the role of the previous Information Security Officer (ISO).
FinIT Consult: Your partner for DORA implementation
The implementation of DORA poses complex challenges for many financial organisations. As an experienced specialist in IT regulation and project management in the financial sector, FinIT Consult offers you customised support:
- Gap analysis: We identify gaps between your existing processes and the DORA requirements.
- Implementation planning: Together we develop a structured roadmap for DORA compliance.
- Implementation support: Our experienced project managers support you in the efficient implementation of the necessary measures.
- Training courses: We ensure that your employees are prepared for the new requirements.
- Ongoing advice: Even after implementation, we remain at your side for questions and adjustments.
It is important to note that the existing regulatory requirements (xAIT) continue to form an essential basis for DORA compliance. FinIT Consult has extensive experience in both areas and can therefore provide you with optimum support in integrating the new requirements into your existing structures.
Let us develop and implement your DORA strategy together. Contact us today for a non-binding consultation.