Governance, Risk and Compliance

DORA Compliance

Digital Operational Resilience Act - Digital operational resilience for the financial sector

What is DORA?

The DORA regulation (Digital Operational Resilience Act) is the new European framework that harmonizes digital operational resilience requirements for the financial sector.

Applicable from January 2025, DORA requires financial entities to strengthen their ability to prevent, withstand and recover from ICT-related disruptions.

Specific obligations:

  • Threat-led penetration testing (TLPT) for significant entities
  • Notification of major incidents within 4 hours
  • Register of contracts with ICT service providers

Entities concerned

DORA applies to all actors in the European financial sector:

Credit institutions
Investment firms
Asset management companies
Insurance companies
Pension institutions
Crypto service providers
Crowdfunding platforms
Critical ICT service providers

The 5 pillars of DORA

ICT risk management

Risk management framework for information and communication technologies

  • ICT risk management governance and organization
  • Information system security policy
  • Asset and risk mapping
  • Protection and detection measures

ICT incident management

Detection, management and notification processes for incidents

  • Incident classification by severity
  • Management and escalation procedures
  • Notification to competent authorities
  • Communication to impacted clients

Resilience testing

Testing program to assess digital operational resilience

  • Vulnerability assessments and security scans
  • Advanced penetration testing (TLPT)
  • Crisis scenario testing
  • Business continuity exercises

Third-party ICT management

Supervision of critical ICT service providers

  • Provider due diligence
  • Mandatory contractual clauses
  • Continuous performance monitoring
  • Exit and substitution plans

Information sharing

Exchange of cyber threat intelligence between financial entities

DORA encourages voluntary sharing of threat and vulnerability information within trusted communities to strengthen the sector's collective resilience.

Our DORA support

1. Compliance assessment

Evaluation of the gap between your current situation and DORA requirements

2. ICT risk mapping

Identification and evaluation of risks related to your systems and providers

3. Remediation plan

Definition of priority actions to achieve compliance

4. Implementation

Support in implementing technical and organizational measures

5. Resilience testing

Conducting penetration tests and required continuity exercises

Prepare your DORA compliance

Our financial and cyber experts support you towards DORA compliance.