DORA 2025 likely refers to the Digital Operational Resilience Act (DORA), a European Union regulation aimed at strengthening the digital operational resilience of the financial sector. While "2025" isn't explicitly part of the acronym, it signifies the year the regulation is expected to come into full effect, specifically January 17, 2025.
Here are some key aspects:
Scope: DORA applies to a wide range of financial entities, including credit institutions, investment firms, payment institutions, and insurance companies, as well as critical ICT third-party service providers.
Objectives: The core objective is to create a consistent and comprehensive framework for managing ICT risk across the financial sector. This includes resilience testing, incident reporting, and third-party risk management.
Key Pillars: DORA is built upon four main pillars:
ICT Risk Management: Financial entities must establish robust ICT risk management frameworks covering identification, protection, detection, response, and recovery.
ICT Incident Reporting: Standardized procedures for reporting major ICT-related incidents to relevant authorities are required.
Digital Operational Resilience Testing: Regular and comprehensive testing of ICT systems and infrastructure, including threat-led penetration testing, is mandatory to identify vulnerabilities.
Third-Party Risk Management: Financial entities need to diligently assess and manage the risks associated with using third-party ICT service providers. This includes contractual arrangements, monitoring, and auditing rights.
Impact: DORA will require financial institutions to significantly enhance their digital operational resilience capabilities and invest in appropriate technologies and expertise. The regulation also establishes a framework for the oversight of critical ICT third-party service providers by European Supervisory Authorities (ESAs). Specifically, these are the important subjects:
Ne Demek sitesindeki bilgiler kullanıcılar vasıtasıyla veya otomatik oluşturulmuştur. Buradaki bilgilerin doğru olduğu garanti edilmez. Düzeltilmesi gereken bilgi olduğunu düşünüyorsanız bizimle iletişime geçiniz. Her türlü görüş, destek ve önerileriniz için iletisim@nedemek.page