A DORA (Digital Operational Resilience Act) compliance project cannot take less than 6 months. Companies that haven't addressed this risk failing to meet all compliance requirements by January 17, 2025, and potentially losing their operating licenses or facing substantial fines.
Organizations active in the financial services sector have less than 7 months until the European regulations on digital operational resilience, outlined in the Digital Operational Resilience Act (DORA), come into effect, warns Devhd—a company specializing in innovative digital transformation solutions based on ServiceNow technology.
"A DORA compliance project cannot take less than 6 months, and companies that haven't addressed this risk failing to meet all compliance requirements by January 17, 2025, potentially losing their operating licenses or facing substantial fines. It's important to note that digital operational resilience isn't just a set of cybersecurity tests but an extensive governance program with principles, procedures, and IT solutions for automating IT and security processes," says Adrian Herdan, Founder & CEO of Devhd.
DORA regulations require financial organizations to develop capabilities for protecting, detecting, mitigating, recovering, and remediating IT&C assets in case of cyber-attacks or any incidents related to IT&C infrastructure. The new regulations cover banks, insurance companies, investment firms, crypto service providers, and more.
To achieve compliance, financial service companies need to adhere to several main areas:
- Establish a risk management framework based on key IT security policies and principles, identify critical IT&C services, map associated assets, third parties, and interdependencies, and develop business continuity and incident recovery strategies.
- Clearly define how to report incidents: they will need to be reported within 24 hours of the occurrence, with the cause of the attack identified within a month; also, calculate the aggregate cost of incidents.
- Regularly test operational resilience, with mandatory tests for more financial service companies than before.
- Ensure robust monitoring of risks stemming from dependence on third-party IT&C providers.
- Collaborate with national and international security teams and other financial entities, sharing information about security risks, which will enhance the entire industry's operational resilience and minimize the spread of cyber threats.
"Currently, according to a ServiceNow analysis, the major challenge for financial service companies is identifying the IT&C assets they own, understanding how the technologies they use interconnect, and the involvement of third-party providers in the entire process, especially for critical IT operations and services. It's essential for companies to centralize all this information on a single platform, using technology that can integrate with all existing IT&C systems in the organization, making it easier to calculate cyber incident risk and build the risk management framework that is the cornerstone of DORA," explains Florin Daniș, Technical Architect and co-founder of Devhd.
Despite DORA regulations being public since 2022 and a 2-year preparation period, in the latter half of last year, approximately 43% of financial companies still did not know the degree of interconnection between IT&C solution providers, such as those for payment transaction authorization and authentication, IT operations, and client transactions via digital channels, which are considered the most critical, according to a Deloitte study.
To assist companies in meeting these requirements, Devhd offers comprehensive solutions through the ServiceNow platform, covering all necessary aspects to ensure operational resilience. Together with the Devhd team, organizations can develop a plan to adopt the powerful ServiceNow platform, fully addressing operational resilience needs.
Devhd believes that operational resilience is not just a solution but an outcome. Achieving this outcome largely depends on the technologies used. To successfully implement an operational resilience program, three key components are required:
- Experience – Understanding and internal leadership to drive the initiative, along with a partner who provides guidance and knowledge.
- Capacity – Individual solutions are insufficient for handling a comprehensive operational resilience program. A platform that offers all required functionalities to support the program is essential.
- Data – Data quality and access are fundamental for real-time visibility of resilience. ServiceNow stands out with its Configuration Management Database (CMDB), providing a centralized, unique source of information. ServiceNow's integrated CMDB allows for real-time monitoring and full visibility of all IT assets, interdependencies, and vulnerabilities. Without quality data, the program will not succeed.
By partnering with experts like Devhd and leveraging the ServiceNow platform, companies can navigate the complexities of DORA compliance with confidence. Don't leave your compliance to chance. Contact us at contact@dev-hd.com to explore comprehensive solutions through the ServiceNow platform and ensure your company is fully prepared for the upcoming DORA regulations.