DORA - A guide to the EU digital operational resilience act by Andrew Pattison

CHAPTER 3: IMPLEMENTATION PROCESS

Implementing a DORA compliance programme is potentially a large project, especially if you rely heavily on service providers or have little practical experience with information security. Establishing a strong process for the project is crucial, as it will help ensure you address each point in turn and within your organisation’s management structures.

This chapter sets out a simple process for ensuring your programme meets DORA’s requirements while building a solid structure for ongoing compliance. It is broadly similar to the process we recommend for implementing management systems such as ISO 27001.¹⁷

Pre-project

Before the project begins, you need to identify and gather key resources. Much of this will simply ...