Digital Operational Resilience Act Implementation Guide
Pages
4
Time to read
7 mins
Publication
Language
English
This guide outlines the Digital Operational Resilience Act (DORA), which became effective on January 16, 2023, and will apply from January 17, 2025. The primary objective of DORA is to enhance cybersecurity practices within the EU financial sector and standardize key requirements and reporting obligations. The document details the framework for managing cybersecurity risks, including those from third-party providers, and emphasizes the importance of understanding forthcoming Regulatory Technical Standards (RTS) that will guide compliance. It discusses the critical roles various departments must play in DORA implementation, such as ICT Risk Management, Incident Management, and Third-Party Risk Management. The guide also stresses the need for institutions to conduct a gap assessment to identify compliance levels and plan necessary actions. Furthermore, it encourages a proactive approach to managing third-party risks and maintaining compliance with local regulations. Institutions are advised to engage in discussions regarding leadership and financial impacts related to DORA compliance.