The European Union’s recently released Digital Operational Resilience Act (DORA) draft is designed to provide digital operational resilience rules for EU financial institutions, and ISACA provides guidance on this proposal in its new white paper, Digital Operational Resilience in the EU Financial Sector: A Risk-Based Approach.
The final version of DORA is expected within 18-24 months, and this new publication will help the financial industry prepare ahead of time. Once finalized, DORA will enact rules for financial services system operators like investment firms, credit institutions, trading venues and electronic money institutions to ensure these systems’ stability and resilience to cyber incidents.
The ISACA white paper, Digital Operational Resilience in the EU Financial Sector, outlines the objectives and legal basis for DORA, as well as its information and communication technology (ICT) requirements around risk management, information and cybersecurity, incident reporting, testing, and oversight of third-party service providers. Among those requirements, financial entities must:
- Set up and maintain resilient ICT systems and tools that minimize the impact of ICT risk.
- Test the ICT business continuity policy and the ICT disaster recovery plan at least yearly and after substantive changes to the ICT systems.
- Have an ICT risk-management framework that includes the strategies, policies, procedures, ICT protocols and tools necessary to effectively protect all relevant physical components and infrastructures from risk, such as damage and unauthorized access or usage.
To download a complimentary copy of Digital Operational Resilience in the EU Financial Sector, visit here. Additional publications that may be helpful for financial entities as they prepare for DORA include ISACA’s Risk IT Framework, Risk IT Practitioner Guide, 2nd Edition, and IT Risk Fundamentals Study Guide. Other IT risk-related resources can be found at h04.v6pu.com/resources/it-risk.