Preparation for the Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector (DORA) services

Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector (EU) 2020/0266 (hereinafter – DORA) entered into force on 16 January 2023 and will apply as of 17 January 2025. The DORA regulation establishes uniform security requirements for networks and information systems for EU financial sector entities – banks, investment companies, insurance companies, credit institutions, etc. (hereinafter – Organizations). These organizations falling within the scope of the DORA regulation must take appropriate and proportionate security measures to ensure operational processes, manage security risks and incidents arising from the networks and information systems, and carry out resilience testing of digital operations. Organizations can prepare for the implementation of the requirements of the DORA regulation independently or use our service – Preparation for the Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector (DORA) services.

• We carry out an assessment of compliance with the requirements of the DORA regulation and prepare a plan for eliminating non-conformities
• We create or adjust the policies and procedures regulating the organization’s information and cyber security management in accordance with the requirements of the DORA regulation
• We create or adjust the organization’s contract template with third parties providing ICT services
• We perform information security risk assessment of networks and information systems and prepare a plan of risk management measures
• We carry out a technological vulnerability assessment
• We introduce the employees of the organization to the requirements of the DORA regulation
• We perform digital operational resilience testing
• We provide consultancy services on the implementation of necessary activities and preparation for the DORA regulation

• An assessment report on compliance with the DORA regulation and a non-conformance elimination plan are prepared
• The policies and procedures regulating the organization’s information and cyber security management are created or adjusted in accordance with the requirements of the DORA regulation
• The template of the organization’s contract with third parties providing ICT services is created
• Information security risk assessment report for networks and information systems and risk management measures plan are created
• Technological vulnerability assessment report and recommendations plan are created
• Training materials created and employees are familiarized with the requirements of the DORA regulation
• The report on the resilience testing of digital operations is created
• Consultations provided during the preparation for the implementation of DORA regulation

• Security of operational processes is ensured
• Employees of the organization are familiarized with DORA regulation requirements
• Technological vulnerabilities identified and eliminated in a timely manner
• Digital operational resilience testes and assessed
• The implementation of the requirements of DORA regulation is ensured