„You can't manage what you don't measure” - Peter Drucker

Services European Union regulation DORA (Digital Operational Resilience Act)

DORA (Digital Operational Resilience Act)

Skontaktuj się

About DORA

DORA focuses on Operational Digital Resilience, which is the ability of a financial entity to build, underwrite and verify its operational integrity and reliability by providing, either directly or indirectly - using third-party ICT service providers - the full range of ICT capabilities necessary to ensure the security of the networks and information systems that the financial entity uses and that support the continuous provision and quality of financial services, including during disruptions.

Key requirements

- The Governing Body allocates an appropriate budget to meet operational digital resilience needs for all types of assets, approves and oversees the implementation of ICT business continuity strategies and ICT response and recovery plans, implements policies to ensure that high standards of data availability, authenticity, integrity and confidentiality are maintained.

- ICT Risk Management includes a Risk Estimation process consisting of sub-processes: Risk Identification, Risk Analysis, Risk Assessment, and the Risk Handling process including: Risk Modification (Recast Risk), Risk Acceptance (Accept Risk), Risk Avoidance and Risk Sharing.

- Reporting serious ICT incidents to the relevant authorities.

- Establish a risk tolerance limit for ICT risks, according to the risk appetite of the financial entity, and analyze the impact tolerance of ICT disruptions

- Testing operational digital resilience

- Testing ICT with Threat-Led Penetration Testing (TLPT). TLPT, also known as Red Team Testing, is a controlled attempt to breach an entity's cyber resilience by simulating the tactics, techniques and procedures of real actors responsible for cyber attacks.

- Use of risk management measures from third-party ICT service providers

Implementation of Regulatory Technical Standards (RTS) requirements.

W kontekście rozporządzenia DORA, RTS oznacza regulacyjne standardy techniczne. Standardy te odgrywają kluczową rolę w zwiększaniu cyfrowej odporności operacyjnej sektora finansowego UE.

Kluczowe aspekty opisane w RTS w ramach DORA:

  1. Klasyfikacja poważnych incydentów i istotnych cyberzagrożeń
  2. Określenie polityki dotyczącej usług ICT wspierających krytyczne lub ważne funkcje
  3. Rejestrowanie informacji

Przykładem zagadnień poruszanych w RTS jest prezentowany poniżej schemat klasyfikacji incydentów

 

Expanded functionality

We entrust the presentation of results covering technical and process areas to Red Into Green, which, thanks to automatic transfer of vulnerability and non-compliance data to Security Center Plus, allows full coverage of requirements and presentation of risk matrices for Business Continuity, Information Security, Data Protection and others.

Cooperation with DWF Poland

DORA kładzie bardzo duży nacisk m.in. na dokładne kontrole regulacji wewnętrznych czy odpowiednią weryfikacje umów z dostawcami usług ICT tak aby wszystko było zgodne z wymogami rozporządzenia. Odpowiednie wsparcie prawne potrzebne jest również przy analizie kluczowych procesów biznesowych w organizacji i łączeniu ich z informacjami technicznymi. Dlatego właśnie rozpoczęliśmy współpracę z kancelaria DWF Poland, która świadczy wsparcie w powyższych kwestiach a także w wielu innych.

Are you interested in our product or service?

Please contact us

    Send

    Copyright© OpenBIZ sp. z o.o. 2013-2025

    All trademarks and company names appearing on the website are used for information purposes only and are the exclusive property of these companies. Despite every effort, we do not guarantee that the published trademarks of other companies placed on our websites do not contain technical omissions or errors. We are not responsible for any discrepancies. All or part of the website may not be copied or distributed without the written consent of OpenBIZ sp. z o.o.