Getting ready for DORA: download our practical guide

DORA is the gamechanger in cybersecurity you can't ignore, even if you might be tempted to do so... But where to get started on this new EU directive for the financial sector??

... > DORA > Getting ready for DORA: download our practical guide

Your ultimate DORA Guide - All you need to get started

As the DORA deadline approaches, our customers are asking us more questions about this regulation. Maybe you're facing this too. Our ultimate guide to DORA is full of practical tips from our cybersecurity experts, to help you get started.

Questions our customers ask about DORA

  • Does DORA apply to my organization?
  • Which cybersecurity measures does DORA request for my company and what does that mean in practice?
  • What are penalties for non-compliance?
  • My organization is ISO 27001 certified: does that mean we are ready for DORA?
  • Where do I start to reach DORA compliance?

Read all about it in our in-depth DORA guide.

Image in image block

Download your ultimate DORA Guide

Discover your best next steps for DORA. Please enter your name, email and company to download your DORA Guide immediately:

Eva van Emmerik

Eva van Emmerik

Manager Financial Market Group

Secura

‘Digital resilience is already important within the financial sector. But DORA focuses on the entire financial system, including critical suppliers. This means this legislation is going to have an impact on your organization. We hope this document helps you on your way to DORA compliance.’

What is DORA?

The Digital Operational Resilience Act, or DORA, is a European directive focused on digital resilience within the financial sector. DORA places obligations on financial organizations. The directive goes into effect on January 17, 2025.

Jelmer Noordam Partner in Compliance

Jelmer Noordam

Information Security Consultant

CC Security

‘Manuals and risk frameworks are a good complement to the DORA, but being compliant with these standards does not automatically make you compliant with DORA.’

What are the most important requirements of DORA?

DORA’s obligations can be roughly divided into five groups, says Jelmer Noordam of CC Security: ‘The first is risk management. In an ongoing cycle, risks, vulnerabilities and threats must be identified in order to implement targeted policies and measures.’

In addition, DORA has requirements around testing and auditing, for example, annual pen testing and triennial Threat Led Penetration Testing. DORA also requires monitoring of ICT service providers and up-to-date ICT incident management. Finally, there are new expectations around information sharing.

The aspect of information exchange will involve new processes, says Noordam: ‘For example, the mandatory reporting of serious ICT incidents. But the law also opens up the possibility of communication exchange within the sector. This can include knowledge about incidents, hacking attempts, information about the threat picture and tips and advice to improve cybersecurity policies.’

Highlight-image

Why DORA?

One of the reasons for DORA is the increase in cyber attacks via suppliers, says Eva van Emmerik, Manager Financial Market Group at Secura: ‘Cyber criminals do not only look at how secure an organization is, they look mainly at the easiest route. If a financial institution itself is well secured, then a third party with access is a logical route to attack.’ This means that DORA mandates chain security measures, among other things.

DOWNLOAD THE ULTIMATE DORA GUIDE

Discover your best next steps for DORA. Please enter your name, email and company to receive the DORA Guide immediately:

USP

GET READY FOR DORA

The Digital Operational Resilience Act comes into effect on January 17th, 2025. Don't wait any longer and start taking action today.

00

days
:

00

hrs
:

00

min
:

00

sec

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.