CHAPTER 2: AN OVERALL APPROACH TO COMPLIANCE

Fundamentally, DORA is about risk management. While you can examine each of the ‘pillars’ independently, they all come back to this core activity – where you manage your ICT suppliers, you do so on the basis of risk; the way you prepare for incident response is, again, on the basis of risk; and so on.

The finance sector already understands risk – this is a core competence. Furthermore, ICT is not new to the sector, and organisations within it typically understand the risk environment. It is, after all, a rare day that we hear of a bank or credit institution being hit by a major cyber attack.

To build on this, many of DORA’s requirements simply reiterate existing expectations from regulators and requirements ...

Get DORA - A guide to the EU digital operational resilience act now with the O’Reilly learning platform.