13.11.2024

SECURITY DORA: New Digital Resilience Regulations and Support from Fordata


On January 17, 2025, the Digital Operational Resilience Act (DORA) will come into force, mandating financial entities to manage ICT-related risks and ensure operational digital resilience. The goal is to enhance the security of information and communication technology (ICT)-based financial systems, thereby increasing financial stability across the European Union. At Fordata, we operate according to the ISO 27001 standard, enabling us to effectively support our clients in fulfilling DORA compliance requirements.

DORA – What Does It Mean for the Financial Sector?

The DORA regulation is a comprehensive set of rules on ICT risk management, primarily aimed at entities supervised by the Financial Supervision Authority (KNF) and their service providers. It introduces the obligation to manage ICT risk, which includes assessing and monitoring risk, incident reporting, and testing resilience against cyber threats.

Fordata: We Are Ready for DORA

At Fordata, we don’t wait until the last moment. We operate daily in line with the ISO 27001 standard and take a proactive approach to help our clients meet DORA’s new requirements. Here’s how we assist our clients in complying with these new mandates:

01. ICT Risk Management

Financial institutions must effectively identify, assess, and manage ICT-related risks, including those involving technology service providers. At Fordata, we conduct regular internal audits to ensure our security measures are effective. We manage risks related to information security breaches and personal data protection violations, and we conduct threat analyses that cover cybersecurity.

02. Incident Reporting

DORA mandates prompt reporting of ICT security incidents. Fordata has established incident management procedures that allow us to effectively distinguish events from incidents and take swift remedial action. We are committed to informing clients of any incidents, enabling them to report promptly to the appropriate supervisory authorities.

03. Business Continuity Management

DORA requires financial entities to have business continuity plans in place in case of ICT disruptions. Fordata has a tested contingency plan that includes system recovery procedures. We guarantee an RTO (Recovery Time Objective) of under 8 hours and an RPO (Recovery Point Objective) of up to 15 minutes.

04. Digital Resilience Testing

Regular digital resilience testing is a key requirement of DORA. Fordata continually strengthens its cybersecurity capabilities and commissions external penetration tests to assess system resilience against potential threats. Additionally, we test our business continuity plans, including Disaster Recovery infrastructure, and run backup tests to ensure their effectiveness.

05. Support for DORA Compliance

DORA regulates the relationship between supervised entities and external ICT service providers. Therefore, we include clauses addressing both parties’ responsibilities in our client agreements. Upon request, we also provide more detailed information about Fordata, which clients need to complete the “DORA Self-Assessment Questionnaire.” We maintain transparency in our operations, believing that effective security management does not rely on “security by obscurity.”

Fordata’s Comprehensive Approach to Security and Compliance

Fordata is committed to supporting clients in complying with both national and EU regulations. At Fordata, we continuously analyze not only the legal acts that apply directly to us but also those affecting our clients. This enables us to better support them in ensuring compliance and to adapt our services to their regulatory needs.

Fordata – Your Partner in the DORA Era

The introduction of DORA is a challenge that requires dedication, knowledge, and the right tools for ICT risk management. Fordata is ready to support clients at every stage of adapting to the new requirements. As a company operating in line with ISO 27001, we understand the importance of continuous security improvement and compliance assurance. We act ethically and responsibly, supporting both our clients and employees in building digital resilience.

The DORA regulation will take effect on January 17, 2025.

The technical standards detailing tools, methods, processes, and ICT risk management policies stipulated by DORA are available in the European Union’s legal act database.


Co-founder of FORDATA. On a daily basis, I ensure that the VDR system and FORDATA's new products meet our clients' needs while maintaining the highest security standards. Outside of work, I am a mother of two, a slow-life enthusiast, and a passionate fan of outdoor sports.

Do you want to exchange knowledge or ask a question?

Write to me: Aleksandra Porębska-Nowak
