{"id":101397,"date":"2025-06-18T09:00:00","date_gmt":"2025-06-18T07:00:00","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=101397"},"modified":"2025-06-14T01:49:40","modified_gmt":"2025-06-13T23:49:40","slug":"dora","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/blog-dpo\/dora\/","title":{"rendered":"Dora"},"content":{"rendered":"<h2 class=\"gb-headline gb-headline-cd41ff2c gb-headline-text\"><strong>DORA<\/strong><\/h2>\n\n\n\n<p>From 17 January 2025, European Union (EU) financial institutions, and third-party ICT service providers as soon as the European Supervisory Authorities designate them as \u201ccritical\u201d, must comply with the Digital Operational Resilience Act (Regulation (EU) 2022\/2554, \u201cDORA\u201d). DORA standardizes how financial institutions report ICT-related incidents, test their digital operational resilience, and manage third-party ICT risk in the financial services sector and in<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"423\" height=\"232\" src=\"https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image.png\" alt=\"Dora\" class=\"wp-image-101398\" title=\"\" srcset=\"https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image.png 423w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image-300x165.png 300w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image-123x67.png 123w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image-18x10.png 18w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2025\/06\/image-200x110.png 200w\" sizes=\"(max-width: 423px) 100vw, 423px\" \/><\/figure>\n\n\n\n<p>Key aspects of the DORA regulation:<\/p>\n\n\n\n<p><strong>Operational resilience:<\/strong><\/p>\n\n\n\n<p>Financial institutions must have processes and systems that enable them to withstand, respond to and recover from operational disruptions.<\/p>\n\n\n\n<p><strong>ICT risk management:<\/strong><\/p>\n\n\n\n<p>A framework is established to identify, assess and mitigate risks related to information and communication technology (ICT).<\/p>\n\n\n\n<p><strong>Supervision and coordination:<\/strong><\/p>\n\n\n\n<p>National and European supervisory authorities must coordinate to ensure compliance with the regulation.<\/p>\n\n\n\n<p><strong>Transparency and accountability:<\/strong><\/p>\n\n\n\n<p>Financial institutions must be transparent about their ICT risk management and take steps to mitigate those risks.<\/p>\n\n\n\n<h2 class=\"gb-headline gb-headline-f10bca4e gb-headline-text\"><strong>Impact of the DORA regulation:<\/strong><\/h2>\n\n\n\n<p><strong>Greater security:<\/strong><\/p>\n\n\n\n<p>The regulation seeks to reduce the financial sector&#039;s vulnerability to digital threats.<\/p>\n\n\n\n<p><strong>Mandatory compliance:<\/strong><\/p>\n\n\n\n<p>Financial institutions must adapt to the new requirements, including incident management, audits and resilience testing of their systems.<\/p>\n\n\n\n<p><strong>Greater coordination:<\/strong><\/p>\n\n\n\n<p>The regulation facilitates collaboration between supervisory authorities and financial sector stakeholders.<\/p>\n\n\n\n<p><strong>Mandatory complements to DORA:<\/strong><\/p>\n\n\n\n<p>The three European Supervisory Authorities (ESAs), EBA, EIOPA and ESMA, published on 17\/01\/2024 the first set of final draft technical standards under DORA, aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial institutions&#039; ICT risk management, third-party risk management and incident reporting frameworks.<\/p>\n\n\n\n<p>To cover the areas of the ICT risk management framework, ICT-related incidents, the resilience testing programme within the ICT risk management framework, the management of ICT risk arising from third parties, and contracts with ICT service providers, the following technical standards are being defined:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regulatory Technical Standards (RTS) on the ICT risk management framework and on the simplified ICT risk management framework;<\/li>\n<li>Regulatory Technical Standards (RTS) on the criteria for the classification of ICT-related incidents;<\/li>\n<li>Regulatory Technical Standards (RTS) specifying the policy on ICT services that support critical or important functions provided by ICT third-party service providers (TPPs);<\/li>\n<li>Implementing Technical Standards (ITS) establishing the templates for the register of information.<\/li>\n<\/ul>\n\n\n\n<p>In short: the DORA Regulation is an important step toward strengthening the digital resilience and cybersecurity of the European financial sector, ensuring that institutions can continue to operate safely and effectively.<\/p>\n\n\n\n<p>If you want to know more about the DORA Regulation, its technical standards, how to audit it and how to implement it, do not hesitate to sign up for our <a href=\"https:\/\/eiposgrados.com\/eng\/programs\/master-data-protection-audit-risk-management-cyber-compliance\/\">Master in Data Protection Audit, Risk Management and Cyber Compliance<\/a>.<\/p>\n\n\n\n<p>For more information about DORA, you can read the regulation at:<\/p>\n\n\n\n<p><a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/ES\/TXT\/HTML\/?uri=CELEX:32022R2554\" target=\"_blank\" rel=\"noopener\">https:\/\/eur-lex.europa.eu\/legal-content\/ES\/TXT\/HTML\/?uri=CELEX:32022R2554<\/a><\/p>\n\n\n\n<p>Access all the information in our <a href=\"https:\/\/eiposgrados.com\/eng\/programs\/master-data-protection-audit-risk-management-cyber-compliance\/\"><strong><span style=\"text-decoration: 
underline;\">Professional Master in Data Protection Audit, Risk Management and Cyber Compliance<\/span><\/strong><\/a> and read more related posts in the Compliance section of our <a href=\"https:\/\/eiposgrados.com\/eng\/dpo-blog\/\"><strong><span style=\"text-decoration: underline;\">Compliance blog<\/span><\/strong><\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Since 17 January 2025, EU financial institutions must comply with the DORA Regulation, which governs digital operational resilience, ICT risk management and incident reporting.<\/p>","protected":false},"author":1,"featured_media":101399,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[330,368,367],"tags":[],"class_list":["post-101397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-dpo","category-compliance","category-proteccion-de-datos"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/101397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=101397"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/101397\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/101399"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=101397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=101397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eipos
grados.com\/eng\/wp-json\/wp\/v2\/tags?post=101397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}