Digital Operational Resilience Act (DORA) – Regulation (EU) 2022/2554

What is the Digital Operational Resilience Act (DORA)?

The Digital Operational Resilience Act (Regulation (EU) 2022/2554), commonly known as DORA, addresses a critical gap in EU financial regulation. Prior to DORA, financial institutions primarily managed operational risks by allocating capital to cover potential losses. This approach failed to encompass all aspects of operational resilience, particularly in relation to Information and Communication Technology (ICT).

With the introduction of DORA, financial institutions are now required to follow stringent guidelines for safeguarding against ICT-related incidents. These include measures for protection, detection, containment, recovery, and repair. DORA explicitly targets ICT risks, introducing clear rules for ICT risk management, incident reporting, operational resilience testing, and oversight of ICT third-party risks.

The regulation recognizes that ICT incidents and a lack of operational resilience can threaten the stability of the entire financial system, even when “adequate” capital is allocated to traditional risk categories. DORA closes this gap by ensuring that operational resilience is not merely about financial buffers, but about the ability to withstand and recover from ICT disruptions.

All files below have been checked prior to being uploaded > Brian

LIA PowerPoint Slides

https://andrewsduffy.ie/wp-content/uploads/2024/11/2024-LIA-_-Digital-Operational-Resilience-Presentation-_-Slides-Brian-Andrews.pptx

DORA EU ACT

https://andrewsduffy.ie/wp-content/uploads/2024/11/Dora-Act-European-CELEX-32022R2554-EN-TXT.pdf

DORA Framework Review, detailed explaination of DORA, Regulatory Technical Standards, DORA Articles

https://andrewsduffy.ie/wp-content/uploads/2024/11/Dora-Framework-Review-October2024.docx

Dora Vs Operational Resilience

https://andrewsduffy.ie/wp-content/uploads/2024/11/Dora-Vs-Operational-Resilience-Framework-Review-for-LIA-Sept2024.docx

Scenario’s, List of possible issues that may occur

https://andrewsduffy.ie/wp-content/uploads/2024/11/June24-Sample-List-of-Scenarios-June2024-v1.1.docx

 

Central Bank of Ireland < Link to> for their Outsourcing Register. The Central Bank has developed a template for recording all relevant outsourcing arrangements and for reporting purposes.

https://www.centralbank.ie/regulation/outsourcing-registers-submission-requirements

This is not fully compatible with DORA, it has a large majority of the fiields required, but it gives an idea of what is required, better than trying to create something from scratch, please use your own judgement of its relevance.

 

Disclaimer – All these documents are my opinion and my work, and please use with common sense. AndrewsDuffy are not liable of any content/ommissions or errors listed in these documents.