DORA - Digital Operational Resilience Act

Digital Operational Resilience Act (DORA)

Are you embracing the future with confidence?

Since the Digital Operational Resilience Act (DORA) became applicable on 17 January 2025, compliance is no longer optional. While National Competent Authorities (NCAs) will initially take a proportionate approach when assessing compliance, financial entities should use this window not only to strengthen their resilience but also to transform their Information Risk Management (IRM) programs.

Compliance is a continuous journey rather than a one-off project: it requires educated and trained personnel, processes that are refined proactively on the basis of feedback and innovation, and the digitalization and adoption of advanced solutions.

To navigate this path, consider these five crucial EY services:

  • DORA Assessment and Internal Audit: Quickly evaluate your current state of compliance and identify the gaps that must be closed to meet DORA requirements.
  • Third Party Risk Management: Manage and mitigate the risks associated with ICT third-party service providers to ensure compliance and strengthen your operational resilience.
  • Training and Education: Equip your teams with the necessary knowledge and skills through training programs focused on DORA compliance and resilience best practices.
  • Digital Operational Resilience Testing (DORT): Implement and manage the DORA testing framework so that your systems and processes are demonstrably resilient against operational disruptions.
  • Digital Solutions Adoption: Adopt solutions that streamline compliance efforts and strengthen your operational resilience.

Ultimately, addressing DORA effectively from the outset not only ensures adherence to the regulation but also lays the foundation for a resilient operational framework that can absorb future disruptions.

Luxembourg perspective

While DORA is a European regulation, local developments in Luxembourg have provided additional guidance and clarity on ICT-related matters.

Circular CSSF 24/847 (applicable from 1 April 2024 for most supervised entities, and from 1 June 2024 for management companies and investment firms) introduces a new ICT-related incident reporting framework aligned with DORA and NIS2 requirements.

Circular CSSF 22/806 on outsourcing arrangements raises the level of digital operational risk management required from supervised entities for ICT outsourcing, whether cloud or non-cloud.

Circular CSSF 22/811 on UCI administrators calls on UCI administrators to monitor the upcoming requirements arising from DORA when implementing and monitoring ICT resources, business continuity planning and disaster recovery planning.

How can EY help?

Next steps for you and your business

Within our strategic consulting framework, we assist stakeholders across the financial sector in creating, executing, or evaluating the effectiveness of their ICT risk frameworks, their compliance status, and their ongoing risk management strategies (resilience).

Furthermore, EY has developed Third Party Risk Management (TPRM) solutions that support management bodies in identifying, assessing, regulating and controlling the risks tied to third parties and their contracts. A brief description of some of our services follows.

  • DORA readiness current state assessments & multi-year roadmap: We carry out evaluations using mapping data already available within your organization, such as business impact analyses, privacy data flow maps, and technology asset inventories.
  • Resilience testing & attack simulation: We evaluate the resilience of your organization by simulating cyberattacks (red teaming, TIBER-LU, etc.), which tests your detection and response capabilities end to end. The same threat-led approach underpins the threat-led penetration testing (TLPT) that DORA requires designated financial entities to perform at least every three years.
  • Incident response services: We help your organization prepare for potential breaches and reduce the impact of security incidents by developing, maintaining, and exercising your incident response strategy.
  • Third party profiling, and risk & controls assessments: We risk-profile services and conduct assessments, both onsite and remotely, across all risk domains, including resiliency, cyber risk, financial health, and regulatory compliance.

Our latest thinking

Securing your business: best practices for third-party risk management

In July 2024, a faulty update from a major cybersecurity provider caused an IT outage affecting 8.5 million Windows computers, highlighting the need for robust third-party risk management. This article explores best practices for managing these risks.

10 Dec 2024 Karim Bouaissi

Turning Compliance & Risk into Opportunities

In a multifaceted regulatory environment, mastering compliance and risk management is turning from a mere challenge into a valuable opportunity, fostering innovation and strategic growth.

08 Nov 2024 Guillaume Carballo + 3

Asset Servicers: The challenge with DORA

From 17 January 2025, asset servicers in Luxembourg must balance the demands of DORA compliance with their operational constraints. It is essential for these entities to find a balance suited to their size and dependencies in order to ensure their resilience and future success.

29 Oct 2024 Karim Bouaissi

DORA: myths against reality

As the 17 January 2025 deadline for the Digital Operational Resilience Act (DORA) approaches, financial entities face compliance challenges and often underestimate the effort required. This article sets out key insights to dispel common myths.

29 May 2024 Karim Bouaissi + 1

How will DORA impact the financial sector?

15 Mar 2023 Karim Bouaissi

Circular CSSF 22/806: An Outsourcing Circular to rule them all

20 Jul 2022 Karim Bouaissi