DORA Regulation Overview and Requirements

DORA is an EU regulation aimed at ensuring financial entities can withstand, respond to and recover from ICT-related disruptions such as cyberattacks. Its core requirements cover ICT risk management, incident management and reporting, resilience testing, third-party risk oversight, and information sharing. It applies to a wide range of entities, including banks, investment firms and critical third-party ICT providers, which must operate a comprehensive ICT Risk Management Framework. Service providers offering DORA compliance support named in this document include Grand Thompson (Ireland) and BDO (Malta).


DORA

1. What is DORA?

DORA (the Digital Operational Resilience Act) is an EU regulation that makes sure financial entities can withstand, respond to and recover from ICT-related disruptions such as cyberattacks or system failures. It was adopted on 14 December 2022 as Regulation (EU) 2022/2554 and has applied since 17 January 2025. Its goal is to create consistent rules for managing digital risk across the EU. It also requires that the rules be applied proportionately, in a way that matches each organisation's size, risk profile and complexity.

Core Requirements of DORA

• ICT Risk Management: Financial entities must maintain a documented ICT risk management framework to identify, protect against, detect, respond to and recover from digital risks.
• Incident Management: They must classify ICT-related incidents and report major ones to their competent authority in a clear and timely way, so that regulators can respond better to threats.
• Resilience Testing: They must regularly test their systems (for example with vulnerability scans and penetration tests) to check how well they can handle disruptions; for entities that the authorities designate, this includes threat-led penetration testing.
• Third-Party Risk: Since many entities rely on outside providers (such as cloud services), DORA requires proper oversight of these third parties, including contractual requirements, to manage the risk they introduce.
• Information Sharing: Organisations are encouraged to share cyber threat intelligence to help everyone stay better protected.

Which entities are impacted by the regulation?

A wide range of entities are affected by DORA. It covers banks, payment institutions, investment firms, crypto-asset service providers and more.

Additionally, critical third-party ICT providers are also regulated under the regulation. Each critical ICT service provider will have a Lead Overseer designated for it (either the EBA, ESMA or EIOPA).

Impacted entities are summarised in the following diagram.

What are some of the key obligations under DORA?

The regulation requires a comprehensive ICT Risk Management Framework for managing ICT risks. A summary of the key requirements for financial entities is divided into the following areas of cyber security and operational resilience.

List of companies who provide DORA services

1. Grand Thompson - Ireland - [Link] tal-solutions/digital-operational-resilience-act-dora/#faq_5988194_6

2. BDO - Malta - [Link] act-(dora)

Check the brochure

Their services -

3. KPMG Malta services -
