DORA
The Digital Operational Resilience Act (DORA) is a European Union regulation aimed at strengthening the information and communication technology (ICT) security of financial entities, including banks, insurance companies, and investment firms. It establishes a comprehensive framework to ensure these organizations can withstand, respond to, and recover from ICT-related disruptions and threats. By harmonizing digital operational resilience requirements across EU member states, DORA seeks to reduce fragmentation and inconsistencies in the financial sector's approach to ICT risk management.
Complete Control's DORA module helps financial entities produce the DORA register of information required by the financial authorities by registering relevant information for entities/branches, suppliers and contractual agreements.
Note!
The documentation explains the general registration process in broad terms and does not give any guidance as to what must be entered in which fields.
1. Set up the entity/branch
Register the financial entity maintaining the register of information and any relevant financial entities within the scope of the registers of information or related branches as own companies.
2. Register DORA information for ICT suppliers and contracts
You can add DORA information to partners and contracts. Both have own DORA sections.
Tip!
On all DORA contracts, you must refer to a DORA supplier. Therefore, activate DORA for the supplier first.
For IT suppliers that can be classified as ICT third-party service providers, it's necessary to register information related to B.05.01 ICT Third-Party Service Providers.
How to add DORA information for contracts
Contracts that are relevant for in the registers of information, must contain DORA-specific information, mostly related to B.02.01., B.02.02 and B.07.01.
Some tips for registering DORA information
Some tips that can be useful to read before registering DORA information.
3. Export the report
Prior reporting, you must enter the financial entity maintaining the register of information.
You export the registered information as Steady-state report in the required format by the competent authorities.