📢 The countdown is on: #DORA compliance is expected by 17th January 2025!
The Digital Operational Resilience Act 🇪🇺, came into effect 2 days ago. Its scope is large: EU-based financial entities (including small startups/fintechs) but also their IT service providers 🏦☁️ 1/6
The Digital Operational Resilience Act 🇪🇺, came into effect 2 days ago. Its scope is large: EU-based financial entities (including small startups/fintechs) but also their IT service providers 🏦☁️ 1/6
Some highlights:
1️⃣ A reiteration of top management's responsibility for ICT risk mgmt
2️⃣ A real step up in 3rd party risk mgmt is expected: expectations go beyond contractual measures📋; with critical IT providers placed under industry-wide supervision by the regulator🔎 2/6
1️⃣ A reiteration of top management's responsibility for ICT risk mgmt
2️⃣ A real step up in 3rd party risk mgmt is expected: expectations go beyond contractual measures📋; with critical IT providers placed under industry-wide supervision by the regulator🔎 2/6
3️⃣ Testing, testing and more testing👍! A global approach to be adopted, including advanced, threat-based testing by independent testers...
➡️ Some of our clients have already made good progress in setting up the #Framework and concrete questions are beginning to be asked. 3/6
➡️ Some of our clients have already made good progress in setting up the #Framework and concrete questions are beginning to be asked. 3/6
For those who need to get started:
- Define the scope of the regulation: identify your critical functions and the legal entities this affects🔎
- Assess your maturity: many existing initiatives already contribute to your compliance 📈 4/6
- Define the scope of the regulation: identify your critical functions and the legal entities this affects🔎
- Assess your maturity: many existing initiatives already contribute to your compliance 📈 4/6
- Find the right governance: cyber, IT risk mgmt and BCP departments all have a role to play in the process 👥 (towards a universal #CSO role?)
Compliance will certainly improve op resilience of the sector, but it is also the perfect opportunity to really work on recovery🛠 5/6
Compliance will certainly improve op resilience of the sector, but it is also the perfect opportunity to really work on recovery🛠 5/6
A global collaboration, with our international offices 🌐 and leveraging learnings from the UK's #FCA/#PRA experience 🇬🇧 - Thanks to Damien Lachiver and Roxane Bohin! 6/6
• • •
Missing some Tweet in this thread? You can try to
force a refresh
