The Digital Operational Resilience Act (DORA) brings a significant regulatory change to the financial sector. As your reliable partner for IT regulation and project management, ReguVance would like to inform you about the latest developments and support you in a successful implementation.
Time frame and objectives
DORA came into force on 16 January 2023 and will be mandatory from 17 January 2025. The aim is to strengthen digital operational resilience in the financial sector through a standardised set of rules for ICT risks and cybersecurity.
BaFin's implementation guidance: An overview
BaFin has developed detailed implementation guidelines in cooperation with Deutsche Bundesbank and industry representatives. These address the following key areas:
- Governance and organisation
- Information risk and information security management
- IT operations
- ICT business continuation management
- IT project management and application development
- ICT third party risk management
- Operational information security
- Identity and rights management
Key innovations and challenges
ICT Business Continuation Guideline
One major innovation is the introduction of a specific guideline for ICT business continuity. This must contain detailed guidelines for responding to ICT incidents, containment measures and damage assessments.
Extended emergency management
Financial organisations need to expand their contingency management to include new scenarios, including climate change impacts, insider attacks, political and social instability and large-scale power outages.
Operational stability and system updates
DORA requires continuous updating of ICT systems and their stability even during periods of stress - a requirement that goes beyond previous regulations.
ICT services and third-party providers
The definition of ICT services has been expanded, which requires a more comprehensive assessment of all ICT-related third-party relationships.
ICT risk control function
DORA is introducing a new function responsible for the management and monitoring of ICT risks. This goes beyond the role of the previous Information Security Officer (ISO).
ReguVance: Your partner for DORA implementation
Implementing DORA presents many financial companies with complex challenges. As an experienced specialist in IT regulation and project management in the financial sector, ReguVance offers you tailored support:
- Gap analysis: We identify gaps between your existing processes and the DORA requirements.
- Realisation planning: Together we develop a structured roadmap for DORA compliance.
- Implementation support: Our experienced project managers support you in the efficient implementation of the necessary measures.
- Training courses: We ensure that your employees are fit for the new requirements.
- Continuous counselling: Even after implementation, we are at your side for questions and adjustments.
It is important to note that the existing regulatory requirements (xAIT) continue to form an essential basis for DORA compliance. ReguVance has extensive experience in both areas and can therefore provide optimal support in integrating the new requirements into your existing structures.
Let us develop and implement your DORA strategy together. Contact us today for a non-binding consultation.