• Days
  • Hours
  • Minutes
  • Seconds

New IT requirements through DORA:

With DORA, Regulation (EU) 2022/2554 on the digital operational resilience in the financial sector (Digital Operational Resilience Act), the EU has created a regulation for cybersecurity, information and communication technology (ICT) risks and digital operational resilience for the entire financial sector, which poses a variety of challenges for institutions.

The aim of the regulation is to address the growing ICT security and cyber risks in the financial sector. DORA contains many additional requirements for internal ICT governance, ICT risk management, dealing with ICT security incidents, ensuring digital operational resilience (obligation to provide a comprehensive testing programme) and monitoring and risk management when outsourcing to and sourcing from third-party ICT providers.

Improve your ICT risk management
by identifying gaps in the orientation, assessment and monitoring of ICT risk issues.

Strengthen your ICT risk management
by establishing an effective ICT risk framework that is aligned with DORA requirements.

Check your ICT reporting process
and find out whether your ICT protocols, processes and tools meet the requirements.

Minimise the risks of ICT third-party management
by evaluating the services provided by external providers. Renegotiate
existing contracts so that they meet the strict requirements of DORA.

Test and evaluate your systems for resilience
with threat-orientated penetration tests based on the DORA test recommendations.

All regulated financial companies in the EU and their third-party ICT service providers must
implement the complex and stricter requirements by January 17th, 2025.
With Annerton’s DORA programme, we accompany you step by step on the path to DORA compliance.

All modules can be booked individually.

Module 1: DORA Quick Scan
We check your level of DORA implementation in a GAP analysis and show your implementation needs.

Module 2: DORA Documents
We assess, create and update your internal guidelines and documentation with regard to the requirements of DORA.

Module 3: DORA Contracts
We design and update your contracts with ICT service providers in accordance with the new DORA requirements. This also includes a categorisation of your ICT procurement with regard to outsourcing or other ICT procurement and with regard to classification as an important/critical ICT service.

Module 4: DORA Shadowing
We support and accompany your individual DORA implementation project and help with project planning and the prioritisation of tasks.

Module 5: DORA Update Service
We keep you continuously informed about new findings and regulatory practice on the subject of IT security/DORA and the corresponding significance for your institution.

Contact us now at:

Your benefits with Annerton´s DORA programme: 

Customised services tailored to your needs

Contract negotiation and drafting by DORA experts

Mitigation of information security risks resulting from the increasing interconnectedness of the financial sector

Unified approach to monitoring digital resilience across the organisation

Support for digital transformation, strategy and innovation at the institute

Expert legal support for your entire DORA project

Download all information about the DORA programme as PDF

You can find more Information about Dora on our Blog: