What Is Digital Operational Resilience?
Digital operational resilience refers to the ability of a financial entity to build, assure, and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions.
As the financial sector heavily relies on digital technologies, new cyber threats continue to emerge. In response, the European Union has developed the Digital Operational Resilience Act (DORA) to enhance digital operational resilience in the financial sector.
What Is DORA?
DORA is a regulation that requires entities in the financial sector to ensure they can withstand, respond to, and recover from all types of ICT-related incidents, risks, and threats. Enacted by the European Parliament and the Council of the European Union on December 14, 2022, as Regulation (EU) 2022/2554, it seeks to harmonize and streamline regulations related to ICT risk management, ensuring consistency and coherence across the EU. DORA requires financial entities to adhere to the principle of proportionality, which considers the size, risk profile, and complexity of their operations.
Why Is DORA Important?
As of January 17, 2025, financial entities will be required to ensure compliance with DORA requirements. Noncompliance with DORA can result in significant penalties, reflecting the seriousness with which the EU views digital operational resilience. While the specific penalties can vary based on the nature and severity of the noncompliance, they are designed to be dissuasive and proportionate.
Organizations must adapt and update their digital operational resilience strategies to keep pace with evolving technologies and threats. This ongoing process involves collaboration across all levels of the organization, from executive leadership to operational staff, as well as with external partners and regulators.
How Do I Get Started?
The PECB Certified DORA Lead Manager training course will help you gain the knowledge and advance the skills needed to establish, implement, and manage an ICT risk management framework based on DORA requirements. KRUCEK experts are eager to guide and assist you throughout the certification process to offer you a worthwhile experience.