DORA – Risk Management Framework

Further to our recent posts on the EU DORA regulation, we thought it would be useful to outline the Risk Management Framework that firms should be considering:-

  • Identify - potential risks and weaknesses in your technology/cybersecurity measures. Use continual systematic testing of your cybersecurity defences to identify weak-points
  • Protect and Prevent – ensure that any weaknesses are addressed and take any steps required to prevent potential cyberthreats, both at present, and as new malicious threats evolve
  • Detect – ensure that you have adequate means of monitoring for, and identifying, actual cybersecurity breaches, and that these can be identified as soon as possible after they have occurred
  • Respond – to any incidents that do occur by identifying how your cybersecurity measures were breached, and assessing the extent of the damage caused
  • Learn – from the incident and take measures to ensure that it cannot happen again
  • Communicate – to appropriate parties about the incident taking into account the size and nature of the impact, who was affected, and criticality of any services provided

Remember that DORA covers ICT technology and cyberthreats with 3rd Party outsourced technology providers, and ensuring that their levels of protection are also factored in to your own technology and cyberthreat arrangements.

ISC will also follow up this post with further details around the communications required following an incident (enhancing the final bullet above)

Please get in touch with us at [email protected] should you wish to discuss how Investment Solutions Consultants (ISC) Ltd can help you


We listen to your needs

We listen to your needs

We understand your problem

We understand your challenges

We suggest a solution

We provide solutions

We help with implementation

We help with implementation