Digital Operational Resilience Act (DORA) Action Guide
Effective 17 January 2025, DORA covers EU financial institutions and associated ICT service providers.
Overview
DORA EU Risk regulation harmonization
The European Commission initiated DORA to harmonize information and communications technology (ICT) regulation in the financial services sector in the European Union (EU), imposing common requirements in all EU member states in the following areas:
1. ICT risk management and governance
2. Incident reporting and management
3. Operational resilience testing
4. Management of ICT third-party risk
Information sharing is encouraged but not mandatory.
Takeaway 1
ICT risk management and governance
IBM Consulting™ has a range of services to help financial entities quantify their risk and apply governance and controls. IBM software solutions cut the time to automate data discovery and governance by up to 90%,¹ helping with compliance and reporting. IBM Data Security helps secure data and automate compliance auditing.
Governance and risk management
Better manage risks, compliance and governance by teaming with experienced security consultants.
Data governance
Strengthen compliance with automated controls. View the IBM Watson® knowledge catalog.
Data security
Automate compliance auditing and reporting, discover and classify data and sources with IBM Guardium®.
Takeaway 2
ICT incident reporting and management
Financial entities need processes to detect, classify, manage and respond to security incidents, including a stakeholder communication plan and response plan. IBM Security® helps with incident reporting and management, providing solutions for EDR, log management, XDR, SIEM and SOAR. IBM Security X-Force® offers services for detection and recovery from incidents, and managed detection and response. And IBM Control Desk with Maximo® helps organizations manage and report critical assets.
Accelerate threat detection with AI
Detect security incidents and respond efficiently. Ensure visibility and rapid investigation.
Identify critical OT and IT assets
IBM Control Desk with Maximo mitigates OT and IT risks and improve incident management.
Incident response services
Manage and respond to security threats with the expertise and skills of IBM Security® X-Force®.
Takeaway 3
Operational resilience testing
DORA requires establishing, maintaining and reviewing a digital operational resilience program. Required testing includes ICT third parties, and penetration, vulnerability assessments, source code reviews and scenario base testing. IBM offers penetration testing and vulnerability testing to help identify, prioritize and remediate security flaws. IBM Security QRadar® SOAR helps teams respond, automate and collaborate. IBM infrastructure solutions provide flexible capacity for response and recovery, plus capabilities to automate prevention and recovery and re-establish safeguarded copy with IBM storage.
Respond faster with automation
Speed up incident response with automation and process standardization.
Penetration testing services
X-Force Red penetration testing uncovers vulnerabilities that expose your assets to an attack.
Takeaway 4
Management of ICT third-party risk
DORA requires that ICT third-party risks be included in a risk management framework. Financial entities must monitor third-party contracts and give European Supervisory Authorities oversight of essential providers. Entities need a strategy on ICT third-party risk. IBM Consulting offers third-party risk management services, security awareness and training. IBM Managed Security Services helps assess, monitor and document risk, while Randori Recon offers rich assessments of your real-world risk.
A unified, smarter GRC environment
Simplify risk management and regulatory compliance with AI-fueled IBM OpenPages® with Watson.
Reduce your attack surface
Get the context and information you need to reduce your external risk.
IBM Security services
Protect and secure your business with Supply Chain Cyber Risk Management Services.
Takeaway 5
IBM Cloud for Financial Services
Designed specifically for financial regulated industries, IBM Cloud for Financial Services® was introduced in 2019. It aims to help financial services organizations address the industry's unique cybersecurity, regulatory and operational requirements, while providing the benefits and flexibility of the cloud in a secured environment.
5 things to know
Learn how IBM Cloud for Financial Services is helping to mitigate risks.
IBM Cloud for Financial Services
Understand the cloud outsourcing and security risk management guidelines.
Takeaway 6
IBM infrastructure solutions
IBM infrastructure solutions enable clients to develop and manage cyber resilience in a hybrid cloud environment and support compliance with key requirements from regulations like DORA.
Protect storage infrastructure
Protect supply chain data from cyberattacks and hardware failures with IBM Storage Defender.
Use a zero trust approach
Stay ahead of threats: the IBM Power® platform’s integrity can reduce the risk of ransomware.
High availability infrastructure
Get up to 8 9s availability, recover without data loss and defeat ransomware with IBM zSystems®.
Additional resources
Discover how IBM Security software and services can help you understand and address the threat landscape.