Layla Tovey's blog : The Digital Operational Resilience Act (DORA)
In June of 2022, the European Council and European Parliament reached a political agreement regarding the operational resilience of critical entities. The push for a more digitally resilient strategy aligns with the PRA Operational Resilience guidelines and the need to fortify the functions necessary to their services to better serve the public. The directive aims to reduce the risks and vulnerabilities these entities face and to strengthen their resilience. The entities in question are those providing the most critical services to the European public, on which citizens and markets depend to function properly. This area covers critical entities in a number of sectors, such as energy, transportation, health, drinking water, waste water and space.
The EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. The Council presidency and the European Parliament reached a provisional agreement on DORA, which will make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption. DORA aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks. This uniform approach will better prepare the industry as a whole for potential disruptions.
The point of the regulation is to make sure all financial systems are strong enough to handle any unexpected disruptions with minimal impact. Firms are also required to report any operational disturbances to the overseeing authority to assess and monitor the response to those disruptions in order to better prepare for any future setbacks.
DORA states that systems must be put in place to enhance the resilience of critical activities, with uniform cohesion within the EU. A national strategy must be enacted to create a systemic, overarching goal of resilience across all internal and external processes within the most critical functions. As always, these civil service functions must first clearly identify the most vulnerable areas of operations, determine the risks associated with them, and develop a strategy to address each risk properly. This thorough assessment will allow the firms to enact calculated controls to mitigate disruptions. The focus of DORA is not only to prepare for disruptions but also to ensure financial institutions are strong enough to withstand them and bounce back from them.
The emphasis on operational resilience within digital systems has grown as we’ve come to depend more heavily on technology-based systems. More than ever, cyber attacks, information breaches and data security continue to be at the top of the watch list in terms of consumer and financial safety. While these tech-based processes are efficient and useful, DORA underlines the need to maintain safety and resiliency across all platforms, whether internal or external. Safety is at the heart of DORA, and as we continue to progress, it is expected that amendments to DORA will respond to changes within the digital environment.