Visualisierung des Digital Operational Resilience Act (DORA) für den Finanzsektor.

DORA - Digital Operational Resilience Act

DORA, the Digital Operational Resilience Act, is relevant for information and communication technologies in the financial sector. With CRISAM®, implementation is straightforward.

Book a demo appointment now

What’s DORA?

The Digital Operational Resilience Act (DORA), or Regulation (EU) 2022/2554 of the European Parliament and of the Council, includes regulations for information and communication technologies (ICT) across the entire financial sector. DORA will be applied starting from January 17, 2025.

Who is affected?

The new regulation affects two types of entities. On one hand, the entire financial sector, such as credit institutions, insurance, and reinsurance companies. On the other hand, ICT third-party service providers that offer ICT services and enter into specific contracts with financial companies.

Are you one of the affected companies?

The affected companies are categorized by size based on various criteria. DORA defines the four company sizes according to the number of employees and the annual turnover or balance sheet total.

Micro-enterprises

A financial company that is not a trading venue, central counterparty, trade repository, or central securities depository, employs fewer than ten people, and has an annual turnover or balance sheet total not exceeding EUR 2 million.

Small enterprises

A financial company that employs 10 or more but fewer than 50 people and has an annual turnover or balance sheet total exceeding EUR 2 million but not exceeding EUR 10 million.

Medium-sized enterprises

A financial company that is not a small enterprise, employs fewer than 250 people, and has an annual turnover not exceeding EUR 50 million and/or an annual balance sheet total not exceeding EUR 43 million.

Large enterprises

Large enterprises include all financial companies that do not fall under the definition of micro, small, or medium-sized enterprises. They employ more than 250 people and have an annual turnover exceeding EUR 50 million and/or an annual balance sheet total exceeding EUR 43 million.

What’s the goal of DORA?

DORA standardizes and updates various national regulations and laws. Its goal is to create a high common level of ICT security for the EU’s financial sector, embedded within a modernized legal framework. Additionally, it includes specific requirements for implementing security measures. DORA is based on four pillars or thematic areas:

ICT Risk Management
Handling of ICT Incidents
ICT Security Testing
Oversight of Critical ICT Third-Party Service Providers

In addition to DORA, various regulations have been updated to align with it.

In collaboration with metafinanz Informationssysteme GmbH, we have developed a requirements catalog for the different chapters of DORA and incorporated it into the CRISAM® methodology. The compliance questions for the articles were organized into thematic modules. Additionally, we support compliance with the drafts of the Regulatory Technical Standards (RTS) and the drafts of the Implementing Technical Standards (ITS).

Reporting

Compliance with Regulation (EU) 2022/2554 is calculated based on the completion of the requirements catalog. By dividing DORA articles into multiple requirements, it is possible to identify and address deviations systematically. Additionally, CRISAM® offers this compliance check for the current RTS and ITS as well.

We’d be happy to demonstrate it for you!