The EU Regulation on Digital Operational Resilience Act (DORA): GRC approach and main related standards

24 Apr 2024 07:00 AM By itSMF Staff


The EU Digital Operational Resilience Act (DORA)

In this post, we take a closer look at EU Regulation 2022/2554, the Digital Operational Resilience Act for the financial sector issued by the European Parliament and the European Council (also known as «DORA»).

First of all, we should remember that the EU Regulation (dated 14 December 2022) entered into force on 16 January 2023 and applies to EU financial service providers.

We also have to know that the Digital Operational Resilience Act amended these regulations:

📘 Regulation (EC) No. 1060/2009;

📘 Regulation (EU) No. 648/2012;

📘 Regulation (EU) No. 600/2014;

📘 Regulation (EU) No. 909/2014;

📘 Regulation (EU) No. 2016/1011.

Let's check out in the next lines which requirements have been set by the lawmakers in the new «DORA».

The Digital Operational Resilience Act: the main requirements

EU Regulation 2022/2554 defines in particular a set of requirements meant to ensure digital resilience and security.

The main parts of the Digital Operational Resilience Act on these matters are the following chapters:

🔖 1. General Provisions

🔖 2. ICT Risk Management

🔖 3. ICT-Related Incident Management Process

🔖 4. Digital Operational Resilience Testing

🔖 5. Managing of ICT Third-Party Risk

🔖 6. Information Sharing Arrangements

How can we manage compliance with all the requirements set by DORA? Our solution is a GRC approach: let's take a closer look in the section below.

How to manage compliance with DORA requirements?

We can support the management, in an integrated way, of the requirements set by the Digital Operational Resilience Act with a GRC approach based in particular on these ISO standards:

✅ ISO 38500 on Governance;

✅ ISO 31000 on Risk Management;

✅ ISO 37301 on Compliance Management.

This GRC approach also provides a useful basis for addressing and integrating the main aspects of these reference standards:

📘 Resilience and Business Continuity (ISO 22301);

📘 Information Security (ISO 27001);

📘 ICT Services (ISO 20000-1).

Our infographic on DORA requirements and the related ISO standards

To better figure out the «big picture», take a look at our infographic:

By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Switzerland board member).

If you want to keep yourself up to date with the most recent news on this topic, don't forget to follow our social media or subscribe to our newsletter.

