DORA (Digital Operational Resilience Act) is aimed, among other things, at the risks that can arise from the use of information and communication technology (ICT) services. DORA requires financial organisations to assess and monitor ICT third party risks throughout the entire supply lifecycle. scrioo enables financial organisations to monitor effectively through permanent risk and service provider-focused real-time media monitoring.
With DORA, Regulation (EU) 2022/2554 on digital operational resilience in the financial sector, the European Union has created a cross-financial sector European regulation for the topics of digital operational resilience, ICT risks and cyber security. The regulation came into force on 16 January 2023 and will apply from 17 January 2025, meaning that all financial companies will have to fulfil the requirements of DORA from this date. Around 22,000 financial companies within the EU are therefore currently involved in its implementation.
DORA focuses on the governance and organisation of ICT risk management, i.e. the effective and prudent management of ICT risks to strengthen the digital resilience of each financial company through an internal governance and control framework that enables them to systematically identify, assess and manage their ICT risks. “Financial entities shall, on a continuous basis, identify all sources of ICT risk”, Article 8(2) DORA states. Furthermore: “In accordance with their ICT risk management framework, financial entities shall minimise the impact of ICT risk by deploying appropriate strategies, policies, procedures, ICT protocols and tools.” (Art. 6 para. 3 DORA).
Audits and inspections are an essential means of managing third-party ICT risk. Another very effective tool is real-time media analysis, which enables financial organisations to permanently monitor their service providers with regard to multiple risks, e.g. cyber attacks, data leaks or other security issues. What's more, potential economic risks at the partner, which in turn could have an impact on service quality, can also be identified, such as high staff turnover, legal disputes or sudden changes in management. You can also keep an eye on external risks such as natural disasters that could affect the ICT service provider. If a new risk is detected, you will immediately receive a scrioo alert by e-mail.
At the same time, the platform goes far beyond risk identification. For example, you can send identified risks directly from the platform to the service provider and request a statement. Risks can also be analysed across all service providers or certain risk types can be assigned to the relevant internal employees. And all processes are reliably documented and can therefore be transferred to a report.
Are you interested? Book a demo!
Comments