
The Digital Operational Resilience Act (DORA) will be in full force in January 2025

Are you READY?

Contact Cristie to discuss your DORA Operational Resilience objectives.
Discover how the Digital Operational Resilience Act (DORA) will revolutionize cybersecurity in the financial sector by 2025 and learn how your organization can stay ahead in operational resilience and compliance.

What is the DORA directive?

The Digital Operational Resilience Act (DORA) is a proposal by the European Commission to establish a comprehensive framework for ensuring the operational resilience of digital services in the financial sector within the European Union. The DORA regulation aims to enhance the cybersecurity and operational capabilities of financial entities, including banks and other financial institutions, and to ensure the continuity of critical financial services.

When does DORA come into full force?

The Digital Operational Resilience Act (DORA) was officially published in the Official Journal of the European Union on 27 December 2022. It is aimed at improving the digital operational resilience of the financial sector in the European Union. The act became effective on 16 January 2023 and will be fully implemented starting from 17 January 2025.

What are the key aspects of the proposed DORA regulation?

  1. Operational Resilience: DORA focuses on ensuring the operational resilience of digital services provided by financial entities. This includes measures to prevent and respond to cybersecurity incidents and disruptions.
  2. Incident Reporting: The regulation proposes mandatory incident reporting requirements for financial entities, ensuring that competent authorities are promptly informed about significant incidents affecting the continuity of digital services.
  3. Third-Party Providers: DORA also addresses the operational resilience of third-party providers that play a crucial role in the financial ecosystem. Financial entities are expected to assess and manage the risks associated with their reliance on third-party providers.
  4. Testing and Scenarios: Financial entities are encouraged to conduct regular testing and simulation exercises to assess their operational resilience and ability to respond to various cybersecurity scenarios.
  5. Cooperation and Information Sharing: DORA promotes cooperation and information sharing among firms, competent authorities, and other relevant stakeholders to enhance overall cybersecurity and operational resilience across the financial sector.

How can Cristie Data help you with DORA compliance?

Cristie Data has decades of expertise in the areas of data backup, system recovery and cybersecurity, which are all key elements of achieving Operational Resilience. For financial sector firms, the continuity of critical financial services will invariably involve the protection and recovery of application servers numbering into the thousands. Cristie can help to solve the complexities of automating large-scale system recovery through their own Cristie Recovery (BMR) software in conjunction with partner backup solutions from leading suppliers such as Rubrik, Dell Technologies, IBM and Cohesity. Our possible engagements in the context of meeting DORA requirements include:
  • Provision of data and system recovery solutions that contribute to DORA compliance and self-assessment, underpinned by class-leading vendors.
  • Cristie Recovery (BMR) software provides extensive capabilities for system recovery simulations, recovery troubleshooting and reporting to meet DORA self-assessment requirements.
  • Security Operations Center (SOC) solutions.
  • Guaranteed EU/German data sovereignty for backup and archive operations.
  • Comprehensive data protection, system recovery and cybersecurity solutions including professional services and support, delivered through a true OPEX Pay-per-Use model within the Cristie READY initiative.
  • Our data and cybersecurity specialists are always available to answer your questions.

Why DORA makes Operational Resilience a Priority for Financial Services Organisations?

Join Richard Cassidy, Rubrik’s EMEA Field CISO, for exclusive insights into the Digital Operational Resilience Act (DORA).

Will DORA apply to your organization?

Key entities to which DORA is likely to apply include:

  1. Credit Institutions: This includes banks and other financial institutions that provide credit services.
  2. Investment Firms: Entities engaged in investment services and activities, including brokerage and investment advisory services.
  3. Central Counterparties (CCPs): Entities that facilitate clearing and settlement services for financial transactions.
  4. Central Securities Depositories (CSDs): Entities responsible for the safekeeping and administration of securities.
  5. Payment Service Providers (PSPs): Entities involved in providing payment services, including banks, electronic money institutions, and other payment service providers.
  6. Electronic Money Institutions (EMIs): Entities that issue electronic money and provide related financial services.
  7. Critical Third-Party Providers: DORA also addresses the operational resilience of third-party providers that play a crucial role in the financial ecosystem. Financial entities are expected to assess and manage the risks associated with their reliance on critical third-party providers.

It’s important to note that the application of DORA may involve a risk-based approach, taking into consideration the size, complexity, and criticality of the services provided by the entities. The regulation aims to ensure that these entities maintain operational resilience, cybersecurity, and the ability to respond effectively to incidents that could impact the continuity of their digital services.

What are the obligations and implications of DORA for affected organizations?

The DORA regulation, in its initial proposals, includes provisions related to self-assessment and testing by financial entities. While the specific self-assessment requirements may be subject to refinement during the legislative process, the following aspects were generally covered:

  1. Operational Resilience Assessment: Financial entities were expected to conduct self-assessments of their operational resilience. This involves evaluating and ensuring the effectiveness of measures in place to prevent, respond to, and recover from incidents that could impact the continuity of digital services.
  2. Testing and Simulation Exercises: The regulation encourages financial entities to conduct regular testing and simulation exercises to assess their operational resilience. These exercises aim to simulate various cybersecurity scenarios and assess the entity’s ability to respond effectively.
  3. Incident Response Evaluation: Financial entities were likely required to evaluate and test their incident response plans and procedures. This involves assessing the entity’s preparedness to handle significant incidents promptly and effectively.
  4. Documentation and Reporting: Entities may be required to document the results of their self-assessments and testing activities. Additionally, they might have reporting obligations to competent authorities, providing relevant details on the nature and impact of incidents, as well as the measures taken in response.

We advise that organizations stay updated on the progress of the legislative process and any changes made to the DORA regulation. The final requirements and obligations for self-assessment may be specified in the adopted regulation. For the latest and most accurate information, it is recommended to refer to official European Union sources.

Contact Cristie to discuss your DORA objectives

Contact Info

Nordring 53-55, 63843 Niedernberg,
An der Burg 6, 33154 Salzkotten,
Germany
