Digital Operational Resilience (DORA)

Posted: Wed Feb 19, 2025 9:22 am
by sumaiyakhatun26
Part of the Digital Finance Package issued by the European Commission, the legislative proposal on digital operational resilience (DORA proposal) augments existing Information and Communications Technology (ICT) risk requirements, enabling an IT landscape which is expected to be safe and fit for the future. The proposal tackles various elements, including: ICT risk management requirements, ICT-related incident reporting, digital operational resilience testing, ICT third-party risk and information sharing.

The proposal aims to address: fragmentation regarding the obligations of financial entities in the area of ICT risk, inconsistencies in incident reporting requirements within and across financial services sectors as well as the threat of information sharing, limited and uncoordinated digital operational resilience testing, and the increasing relevance of ICT third-party risk.

Financial entities are expected to maintain resilient ICT systems and tools that minimise ICT risk with effective business continuity policies in place. Institutions are also required to have processes to monitor, classify and report major ICT-related incidents, with the ability to periodically test the system’s operational resilience. ICT third-party risk is given greater emphasis, with critical ICT third-party service providers subject to a Union Oversight Framework.

In the context of the proposal, banks are expected to undertake a holistic exercise, assessing their ICT framework and planning for the expected changes. The Authority emphasises that banks should continuously monitor all sources of ICT risk whilst having adequate protection and prevention measures in place. Finally, banks should build the necessary expertise and have adequate resources to be compliant with requirements emanating from such proposals.