ISACA publishes guidance on draft EU Digital Operational Resilience Act

The European Union’s draft Digital Operational Resilience Act (DORA) is designed to provide digital operational resilience rules for EU financial institutions. ISACA has released new guidance to help organizations prepare for its implementation. The final version of DORA is currently expected in 18-24 months, with a compliance requirement at some point after that.

ISACA’s document, 'Digital Operational Resilience in the EU Financial Sector: A Risk-Based Approach', outlines the objectives and legal basis for DORA, as well as its information and communication technology (ICT) requirements around risk management, information and cybersecurity, incident reporting, testing, and oversight of third-party service providers. Some of these requirements are to:

  • Set up and maintain resilient ICT systems and tools that minimize the impact of ICT risk.
  • Have an ICT risk-management framework that includes strategies, policies, procedures, ICT protocols and tools necessary to effectively protect all relevant physical components and infrastructures from risk, such as damage and unauthorized access or usage.
  • Test the ICT business continuity policy and the ICT disaster recovery plan at least yearly, and after substantive changes to the ICT systems.
  • Include, in contracts that govern the relationship with ICT third-party service providers, relevant provisions on accessibility, availability, integrity, security and protection of personal data, and guarantees for access, recovery and return in the case of failures of those providers.

When finalized, DORA will enact rules for financial services system operators such as investment firms, credit institutions, trading venues and electronic money institutions, to ensure these systems’ stability and resilience to cyber incidents.

A complimentary copy of 'Digital Operational Resilience in the EU Financial Sector' is available for download.


