Digital Operational Resilience Act (DORA) Regulations and Directives
By: 6clicks
The Digital Operational Resilience Act (DORA) is a European Union (EU) regulation that creates a binding, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. It sets requirements that financial entities must implement across their ICT systems, and it establishes an oversight framework for the critical ICT third-party service providers on which those entities depend.
In order to achieve a high common level of digital operational resilience, the Regulation (Article 1) lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities, as follows:
- requirements applicable to financial entities in relation to:
  - information and communication technology (ICT) risk management;
  - reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities;
  - reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d);
  - digital operational resilience testing;
  - information and intelligence sharing in relation to cyber threats and vulnerabilities;
  - measures for the sound management of ICT third-party risk;
- requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities;
- rules for the establishment and conduct of the Oversight Framework for critical ICT third-party service providers when providing services to financial entities;
- rules on cooperation among competent authorities, and rules on supervision and enforcement by competent authorities in relation to all matters covered by the Regulation.
More Information

| Attribute | Value |
|---|---|
| Jurisdiction | European Union (EU) |
| Type | Laws or related obligations |