ISACA Provides Guidance Around EU’s Proposed Digital Operational Resilience Act
14.10.2021 17:19:00 EEST | Business Wire | Press release
Reforms following the 2008 financial crisis helped strengthen the resilience of the financial sector, but did not fully address digital operational resilience. The European Union’s recently released Digital Operational Resilience Act (DORA) draft is designed to provide digital operational resilience rules for EU financial institutions, and ISACA provides guidance on this proposal in its new white paper, Digital Operational Resilience in the EU Financial Sector: A Risk-Based Approach .
When finalized, DORA will enact rules for financial services system operators like investment firms, credit institutions, trading venues and electronic money institutions to ensure these systems’ stability and resilience to cyber incidents. Digital Operational Resilience in the EU Financial Sector outlines the objectives and legal basis for DORA, as well as its information and communication technology (ICT) requirements around risk management, information and cybersecurity, incident reporting, testing, and oversight of third-party service providers, some of which include:
- Set up and maintain resilient ICT systems and tools that minimize the impact of ICT risk.
- Have an ICT risk-management framework that includes strategies, policies, procedures, ICT protocols and tools necessary to effectively protect all relevant physical components and infrastructures from risk, such as damage and unauthorized access or usage.
- Test the ICT business continuity policy and the ICT disaster recovery plan at least yearly, and after substantive changes to the ICT systems.
- Include relevant provisions on accessibility, availability, integrity, security and protection of personal data, and guarantees for access, recover and return in the case of failures of the ICT third-party service providers in contracts that govern the relationship with third-party providers.
“The requirements laid out in DORA to identify all sources of ICT risk on a continuous basis and mandate an annual review of ICT risk management frameworks and review after a major incident, audit or testing are a step in the right direction,” says Chris Dimitriadis, ISACA chief global strategy officer. “However, to further strengthen the act, ISACA encourages provisions ensuring that ICT risk management plans go beyond being a compliance exercise by embedding governance responsibility within the management body, as well as requiring continuous training and ICT awareness of senior management and staff and independent testing performed by testers who are certified.”
During this period in which the DORA regulation is under consideration in the European Parliament and Council of the EU, ISACA’s EU Task Force is engaging with policy makers and sharing feedback. The final version of the regulation is expected in an estimated 18-24 months.
“ISACA is recognized among policy makers as an independent source of expertise on cybersecurity issues. The variety of backgrounds and experience of our members, reflected in the EU Task Force, have been welcomed by policy makers who have valued our contributions to the debate,” says Emily Bastedo, ISACA director for global government relations and public affairs.
To download a complimentary copy of Digital Operational Resilience in the EU Financial Sector, visit https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004L1sxEAC. Additional publications that may be helpful for financial entities as they prepare for DORA include ISACA’s Risk IT Framework, 2nd Edition; Risk IT Practitioner Guide, 2nd Edition ; and IT Risk Fundamentals Study Guide. Other IT risk-related resources can be found at www.isaca.org/resources/it-risk.
About ISACA
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.
Twitter:
www.twitter.com/ISACANews
LinkedIn:
www.linkedin.com/company/isaca
Facebook:
www.facebook.com/ISACAGlobal
Instagram:
www.instagram.com/isacanews
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211014005760/en/
Contact information
Emily Van Camp, evcamp@isaca.org, +1.847.385.7223
Kristen Kessinger, communications@isaca.org, +1.847.660.5512
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
VerSprite Launches Fork and Knife: AI-Driven Threat Modeling and Adversarial Testing Built for the Speed of Modern Software27.6.2026 00:28:00 EEST | Press release
VerSprite, a global leader in risk-based threat modeling and the firm behind the PASTA (Process for Attack Simulation and Threat Analysis) methodology, today announced the general availability of Fork (www.forktm.com), a continuous application threat modeling platform, alongside Knife, an AI-led, human-on-the-loop adversarial testing platform for web applications and web API endpoints. Together, the two products operationalize a new model for product security—one where applications are securely designed, continuously modeled, and actively tested as part of the build process itself. The launch addresses a problem every security leader knows but few tools have solved: threat modeling is essential, never more so than in an AI-driven era, yet it has remained slow, manual, and anchored to frameworks designed for a different threat landscape. The problem: threat modeling matters more than ever—and most tools are stuck in 2005 For two decades, application threat modeling has leaned heavily on
Venture Global Announces Closing of $1.5 Billion Senior Secured Vessel Financing Facility26.6.2026 23:30:00 EEST | Press release
Venture Global, Inc. (NYSE: VG) announced today that its wholly-owned subsidiary, Venture Global Shipping Holdings, LLC (“VGSH”), has entered into a Credit and Guaranty Agreement providing for a senior secured term loan facility (the “Facility”) in an aggregate principal amount of up to $1,500,000,000. The Facility will mature on June 26, 2032. Deutsche Bank and ING acted as coordinating lead arrangers for the Facility. ING also serves as facility agent and security trustee. VGSH intends to use the net proceeds from the Facility for general corporate purposes, including to reimburse Venture Global LNG, Inc. for payments previously made by it or its affiliates in connection with the acquisition of nine LNG carriers, funding certain reserve accounts, and paying transaction fees and expenses. About Venture Global Venture Global is an American producer and exporter of low-cost U.S. liquefied natural gas (“LNG”) with over 100 MTPA of capacity in production, construction, or development. Ven
Capco Recognized by OpenAI for Innovation and Responsible AI Leadership26.6.2026 21:00:00 EEST | Press release
Global management and technology consultancy Capco, a Wipro company,has been recognized by OpenAI for both AI innovation and responsible AI leadership. Capco received the AI Governance & Risk Excellence Award at the recent OpenAI Partner Summit 2026 in San Francisco, highlighting Capco’s ability to deliver enterprise-grade AI outcomes in highly regulated environments. The award recognizes Capco’s expert advantage when helping financial services and energy organizations to scale AI with confidence, balancing innovation with strong governance to reduce risk, strengthen compliance and improve customer outcomes. This award follows Capco winning the OpenAI Codex Hackathon, where its UK AI Lab competed against more than 30 teams and over 100 participants from across the OpenAI partner ecosystem. Capco's winning entry Sentra – a consulting-led, AI-powered retail banking solution – uses digital twin technology to identify vulnerable customers and recommend explainable next-best actions for fro
Incyte Announces Positive CHMP Opinion for Opzelura ® (ruxolitinib) Cream for the Treatment of Adults with Moderate Atopic Dermatitis26.6.2026 14:30:00 EEST | Press release
Incyte (Nasdaq: INCY) today announced that the Committee for Medicinal Products for Human Use (CHMP) of the European Medicines Agency (EMA) has issued a positive opinion recommending the approval of Opzelura® (ruxolitinib) cream for the treatment of moderate atopic dermatitis (AD) in adult patients for whom topical corticosteroids (TCSs) and topical calcineurin inhibitors (TCIs) are inadequate or inappropriate. “AD is a chronic skin condition that can have a significant impact on daily life. The positive CHMP opinion for Opzelura marks meaningful progress toward bringing the first non-steroidal topical JAK treatment option to adults in Europe with moderate AD for whom standard topical therapies have failed,” said Lee Heeson, Executive Vice President and Head of Incyte International. “If approved by the European Commission, Opzelura could help address an important gap for patients who have limited treatment options when TCSs and TCIs are inadequate or inappropriate.” The positive CHMP o
Datroway ® Recommended for Approval in the EU by CHMP as First-Line Treatment for Patients with Metastatic Triple Negative Breast Cancer Who Are Not Candidates for Immunotherapy26.6.2026 14:00:00 EEST | Press release
Datroway® (datopotamab deruxtecan) has been recommended for approval in the European Union (EU) as monotherapy for the first-line treatment of adult patients with unresectable or metastatic triple negative breast cancer (TNBC) who are not candidates for PD-1/PD-L1 inhibitor therapy. Datroway is a specifically engineered TROP2 directed DXd antibody drug conjugate (ADC) discovered by Daiichi Sankyo (TSE: 4568) and being jointly developed and commercialized by Daiichi Sankyo and AstraZeneca (LSE/STO/NYSE: AZN). The Committee for Medicinal Products for Human Use (CHMP) of the European Medicines Agency (EMA) based its positive opinion on results from the TROPION-Breast02phase 3 trial, which werepresented at the 2025 European Society for Medical Oncology Congress and published in Annals of Oncology. The recommendation will now be reviewed by the European Commission, which has the authority to grant marketing authorizations for medicines in the EU. In TROPION-Breast02, Datroway demonstrated a
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom