DORA vs existing ICT guidelines

The Digital Operational Resilience Act (DORA) is due to be adopted at the end of 2022 and come into effect by 2024. Although DORA is the first major EU-wide legislation addressing digital resilience, similar guidelines dealing with ICT and security risk management have already been adopted by the European FSAs.

The most prominent of these are the EBA guidelines on ICT and security risk management and the corresponding EIOPA guidelines (collectively, the ICT guidelines). Since these guidelines were adopted in 2020 and 2021 respectively, FCG has supported financial institutions in maturing their ICT and security risk management.

If we have adopted the guidelines on ICT, what will be the major challenges in adopting the DORA legislation?

The simple answer to this question is that in strengthening your ICT and security risk management you have already done parts of the work needed to meet the requirements set by DORA. However, two things must be understood before taking on DORA.

Firstly, instead of focusing only on achieving ICT risk management and information security, DORA aims to secure digital operational resilience over the entire financial ecosystem.

Secondly, the requirements set in DORA are more focused on ensuring the existence of strategies, frameworks, and governing processes to achieve digital operational resilience. By contrast, the requirements in the ICT guidelines are more focused on specifying controls, especially security controls, and address governing processes in more general terms. In this regard, DORA should not be seen as a replacement for the ICT guidelines, but as a necessary complement in building a stable financial ecosystem.

FCG helps you navigate

FCG is positive that any financial entity accustomed to the ICT guidelines and working actively with ICT risk and security management has a head start. Taking the right steps now will let you achieve robust digital resilience.

Want to find out how FCG can help you?
