The Digital Operational Resilience Act (DORA) is a European Union regulation.
This post is an introduction to DORA.
Introduction to DORA
Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector” (the official title continues with the list of regulations it amends; see External References).
DORA is referred to in Spanish as Reglamento de Resiliencia Operativa Digital.
You can read the original text of the DORA regulation at the external link in the references below.
As it is a regulation, not a directive, it is directly applicable and does not need to be transposed into national law by member states.
It applies from 17 January 2025, so financial entities within its scope (and the ICT third-party service providers that serve them) must comply from that date.
Implications of DORA
If an organization is within the scope of DORA, it must take care of:
- ICT risk management
- ICT-related incident management and reporting
- Digital operational resilience testing
- ICT third-party (vendor) risk management
- Exchange of threat intelligence (information sharing)
ICT risk management is covered in chapter II.
ICT-related incident management, classification and reporting is covered in chapter III.
Digital operational resilience testing is covered in chapter IV.
ICT third-party (vendor) risk management is covered in chapter V.
Exchange of threat intelligence between organizations (information-sharing arrangements) is covered in chapter VI.
You might also be interested in…
- NIS2
- CER
- GDPR
- IT Security Compliance Regulations
- IT Security Compliance
- Cloud Security Compliance
External References
- EU; “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011”; EU
- SealPath; “Reglamento DORA – Guía y Cumplimiento de la Ley de Resiliencia Operativa Digital” (DORA Regulation – Guide and Compliance with the Digital Operational Resilience Act); SealPath {Spanish}
- Pilar García López; “DORA: NUEVO REGLAMENTO EUROPEO SOBRE RESILIENCIA OPERATIVA DIGITAL DEL SECTOR FINANCIERO” (DORA: New European Regulation on Digital Operational Resilience for the Financial Sector); BDO.es {Spanish}