What is the DORA regulation in a nutshell? The Digital Operational Resilience Act (DORA) is an EU regulation that sets out what financial entities and their Information and Communication Technology (ICT) third-party service providers must do to strengthen the digital operational resilience of the financial services sector and its supplier ecosystem. In summary, complying with DORA means working through the following steps:
- Determine whether your organisation is in scope for DORA
- Conduct a gap analysis against the DORA requirements
- Develop a remediation plan to address the identified gaps
- Identify your ICT vendors and execute a plan to ensure their DORA compliance
- Conduct penetration testing, including threat-led penetration testing (TLPT) where it applies to your entity
- Develop an ICT-related incident response plan
- Implement continuous monitoring of ICT vendors
- Define and enact the responsibilities of the management body (Board)
Explore the expanded DORA compliance checklist below for the specific actions and plans behind each of these items. We have reviewed the Digital Operational Resilience Act text (PDF), extracted the requirements, and interpreted them for publication here as a DORA regulation summary.