Key takeaways
- DORA – The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on January 16, 2023 and will take effect on January 17, 2025. Its goal is to enhance information technology security for financial entities (including banks), insurance companies and investment firms, ensuring the financial sector in Europe remains resilient during severe operational disruptions.
- Comprehensive information and communications technology (ICT) risk management – Financial entities must develop and maintain a thorough ICT risk management framework. This includes setting up resilient ICT systems, identifying and managing ICT risks, and implementing protection and prevention measures. Key functions to address are identification, protection, detection, response, recovery, and continuous learning and improvement.
- Mandatory reporting of ICT-related incidents – Companies are required to establish processes for monitoring and logging ICT-related incidents. Major incidents need to be reported to the relevant authorities using a standardized template. This reporting helps in maintaining transparency and ensuring quick resolution of issues that…
