Certification

DORA (the Digital Operational Resilience Act) introduces a set of rules and requirements that financial institutions and their IT service providers must comply with to protect their IT systems from cyber threats and ensure operational continuity. It represents a significant step forward in strengthening cybersecurity within the European financial sector.
What is DORA?
The Digital Operational Resilience Act (DORA) is a regulatory framework designed to strengthen cybersecurity and resilience in the financial sector. It helps banks, financial institutions, and ICT providers prevent, respond to, and recover from cyber threats and operational disruptions.
DORA establishes uniform security requirements for the networks and IT systems supporting financial services. These cover five areas: ICT risk management, incident reporting for major cyber events, digital operational resilience testing, information sharing, and the regulation of third-party ICT service providers.
DORA applies to 21 categories of financial entities operating within the EU, including:
- Banks and Credit Institutions
- Payment Service Providers
- E-money Institutions
- Investment Management Firms
- Crypto Asset Service Providers
- Alternative Investment Funds (AIFs)
- Insurance and Reinsurance Companies
- Third-Party ICT Service Providers


Our approach to DORA
After the Seveso Directives and EU Directive 2016/1148 (NIS), the group of companies that must comply with EU regulations on cyber security and business continuity has been expanded to include medium-sized enterprises by EU Regulation 2022/2554 (DORA) and EU Directive 2022/2555 (NIS2).
GERICO supports your compliance journey and the related processes:
- ICT Risk Management, identifying and formalizing processes for managing ICT risk and third-party cyber risk
- Incident Reporting
- Operational Resilience Testing
- Threat Intelligence Sharing, facilitating the exchange of data and information on vulnerabilities and threats
- Third-Party Risk Management, defining security measures for ICT service providers
- Contract Review, reviewing and monitoring the contractual obligations between financial entities and ICT service providers