The Five Pillars of DORA for the Financial Services Industry

Further to ISC’s recent posts on the topic of DORA, and following the ESA briefing to financial services industry participants in early February 2023, here are the five pillars upon which DORA is built and which underpin the key considerations for Financial Services firms and their Information and Communications Technology (ICT):-

1. ICT risk management
Set of key principles and requirements on ICT risk management framework

2. ICT-related incident reporting
Harmonise and streamline reporting and extend reporting obligations to all financial entities

3. Digital operational resilience testing
Subject financial entities to basic testing or advanced testing (e.g. TLPTs)

4. ICT third party risk
Principle-based rules for monitoring third party risk, key contractual provisions and oversight framework for critical ICT TPPs

5. Information sharing
Voluntary exchange of information and intelligence on cyber threats

ISC intends to publish further posts on DORA specifically dealing with the challenges faced by Investment Management firms. ISC is well-placed to assist you in assessing the impact on your firm and the changes required to meet the requirements of DORA.

Please get in touch with us at [email protected] should you wish to discuss how Investment Solutions Consultants (ISC) Ltd can help you