Digital Operational Resilience Act Compliance Guide

This document is a whitepaper that outlines the Digital Operational Resilience Act (DORA), which is a European Union regulation aimed at enhancing the cybersecurity and operational resilience of financial institutions and their critical third-party providers. DORA is set to take effect on January 17, 2025, and introduces a comprehensive framework for managing Information and Communication Technology (ICT) risks. The whitepaper details the key objectives of DORA, including ICT risk management, incident reporting, operational resilience testing, third-party risk management, and information sharing among financial entities. It also describes the compliance timeline for financial entities and critical ICT third-party service providers. Furthermore, the document explains how Databricks is approaching DORA compliance through security measures, operational resilience strategies, and adherence to relevant compliance certifications. The whitepaper emphasizes the importance of robust disaster recovery frameworks and the need for continuous updates to align with DORA's evolving requirements.