Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is a European Union regulation.

This post is an introduction to DORA.

Introduction to DORA

Its full title is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector”.

DORA is referred to in Spanish as Reglamento de Resiliencia Operativa Digital.

You can read the original text of the DORA regulation at this external link.

As it is a regulation, it does not need to be transposed by member states.

It should be implemented by member states before 17 January 2025.

Implications of DORA

If an organization falls within the scope of DORA, it must address:

  • Risk management
  • Incident response
  • Resilience testing
  • Exchange of threat intelligence

Risk management is covered in chapter II.

Incident response is covered in chapter III.

Resilience testing is covered in chapter IV.

Vendor (or third-party) risk management is covered in chapter V.

Exchange of threat intelligence between organizations is covered in chapter VI.
