Who is subject to DORA?
DORA is a European regulation that sets out uniform requirements for the security of financial entities' networks and information systems. Not all financial services companies are subject to DORA. For example, investment and insurance intermediaries are exempt. Smaller and less risky entities are subject to a lower range of cyber security obligations. We will let you know on request whether or to what extent DORA applies to you. Contact us.
DORA covers the following areas of cybersecurity regulation for financial institutions:
- financial institutions' cyber resilience, the ability to withstand, respond to and recover from cyber incidents
- rules and standards for ICT risk management, including security and governance
- obligation to conduct regular cyber threat resilience tests
- the obligation of proper supply chain management at the level of ICT service providers (outsourcing)
- reporting significant cyber incidents to supervisory authorities
- oversight of critical third parties (ICT vendors) such as cloud service providers or data connectivity providers
Each financial institution subject to DORA regulation is required to set and comply with internal rules for the proper management of ICT technology within its operations and for cyber security. The development of internal standards is usually entrusted by companies to lawyers and cooperating ICT experts.
What can we do for you?
Our services are provided to meet the requirements of ICT governance while not unnecessarily burdening your business beyond what is necessary. We work with cyber security experts who bring the necessary IT insight and erudition to the solution. The result is a comprehensive and individualized DORA solution. A turnkey DORA solution means that:
- we assign you a personal project manager who will be in charge and help you set up your DORA obligations
- we will help you draw up a system of internal rules - internal regulations that describe all the necessary processes (ICT strategies, policies, procedures)
- we will design a system for training and testing of staff
- create other related template documents such as mandates, notices, reports, etc., needed to meet DORA obligations
- set up contractual arrangements with external ICT service providers (outsourcing), including exit strategies and transition plans
- assist you with your DORA obligations on an ongoing basis
What will we need from you?
- information about you (we will sign a non-disclosure agreement)
- basic information about your ICT solution and planned setup
- other information according to the type of obliged person
- the time of your ICT staff
How long will this take?
Inventorying and setting up ICT rules and processes usually takes 2-3 months, depending on the synergy.
For whom have we already developed a system of internal policies?
We have developed ICT rules for clients such as securities dealers, payment service providers or persons handling cryptoassets.
How much will it cost?
The cost depends on the complexity and scope of your business. You will receive a specific written quotation from us after a telephone or personal consultation. We will help you. Contact us.