DORA

Digital Operational Resilience Act

Harmonization with BAIT

With the Digital Operational Resilience Act (DORA for short), the EU is focusing in particular on digital resilience. DORA aims to achieve this by implementing various requirements for the stability of digital systems in the financial sector.

In an interconnected Europe, where international cooperation between financial companies is widespread and digitalization-related risks potentially have cross-border impacts, DORA aims to provide a complementary common legal framework at EU level. The regulation became fully applicable on 17 January 2025. Its requirements apply to various types of financial organizations as well as to critical third-party ICT providers to financial organizations.

Harmonization with DORA: How do we proceed?

PCI certification process kick-off

Preliminary Analysis

In a preliminary workshop, we build internal knowledge among all stakeholders. The workshop covers the general requirements of DORA as well as known risks, challenges, and best practices from similar regulatory-driven projects.

We transfer the definition of "critical and important functions" according to DORA to the functions of your company and determine which other security standards and national regulations might affect you. In most cases, the systems and processes implemented to comply with ISO 27001 or the BaFin circulars can be used as a basis.


Gap Analysis resulting in an Action Plan

The requirements affect institutions holistically, so a pure document review is not sufficient to ascertain the implementation status of the DORA requirements. We therefore recommend a combination of:

  • Document review
  • Interviewing key personnel
  • Implementation check

The results of this detailed gap analysis give a good picture of the expected costs and provide implementation options that can be used to set the direction for implementation at the highest management level (action plan).


Harmonization Project

Harmonization with DORA is implemented in a comprehensive project tailored to the institution. We support you at all levels, from the definition of the strategy and the drafting of guidelines to the operational implementation of the requirements in the organization.

We individually address the key areas identified in your gap analysis and, in addition to implementing the individual requirements, we also support you in change management and communication within the institution. During such harmonization projects, we often support financial institutions with, for example:

  • Establishment or adjustment of IT governance
  • Planning and implementation of appropriate risk management
  • Establishment or optimization of service provider management in compliance with the applicable regulatory requirements
  • Required security analyses, such as red team assessments

Customers who already trust us

"For a financial services institution like DAL, the implementation of the DORA requirements represents a significant challenge: The aim is to reconcile increased cyber security resilience with the operational requirements of day-to-day business. A well thought-out project approach is essential for this. All the more reason why we were delighted to be working with our implementation partner usd AG in a collaborative workshop to shed light on the key challenges and lay the foundations for the implementation of the project. We are looking forward to a collaborative partnership and pragmatic implementation."

Kimberley Wilberscheid
DAL Deutsche Anlagen-Leasing GmbH & Co. KG

More Information on the Digital Operational Resilience Act

Threat-Led Penetration Testing (TLPT)


Setting off for DORA – Your Preparation in 3 Steps

5 Tips on What to Consider during Planning


NIS-2 and DORA: Why Two Pieces of EU Cybersecurity Legislation?

7 Questions on DORA


Contact


Please contact us with any questions or queries.

Phone: +49 6102 8631-190
E-mail: sales@usd.de
PGP Key
S/MIME
Contact form


Felix Schmidt
Head of Sales - Security Consulting