It’s now under a year until the EU’s Digital Operational Resilience Act – or DORA – will come into force.
DORA is a regulation for the bloc’s financial services sector. And, as the name suggests, it aims to improve resilience across the digital domain.
The Act will cover measures such as ICT risk management, resilience testing, incident management and reporting, and managing third-party risks. So, although DORA is aimed at the financial services sector, its impact could be far wider.
Our guest is Rodrigo Marcos, CEO at security consultants SECFORCE and chair of CREST’s EU Council.
He explains how DORA has evolved since it was first announced back in 2020, and what firms need to do now that we are over halfway through the two-year implementation period.
He warns that there is not much time for organisations to assess whether they are covered by DORA, and to put in place a plan to ensure compliance.
SECFORCE’s Rodrigo Marcos. Interview by Stephen Pritchard
SECFORCE has produced a series of video primers on DORA as well: