Business Wire

ISACA Provides Guidance Around EU’s Proposed Digital Operational Resilience Act

Share

Reforms following the 2008 financial crisis helped strengthen the resilience of the financial sector, but did not fully address digital operational resilience. The European Union’s recently released Digital Operational Resilience Act (DORA) draft is designed to provide digital operational resilience rules for EU financial institutions, and ISACA provides guidance on this proposal in its new white paper, Digital Operational Resilience in the EU Financial Sector: A Risk-Based Approach .

When finalized, DORA will enact rules for financial services system operators like investment firms, credit institutions, trading venues and electronic money institutions to ensure these systems’ stability and resilience to cyber incidents. Digital Operational Resilience in the EU Financial Sector outlines the objectives and legal basis for DORA, as well as its information and communication technology (ICT) requirements around risk management, information and cybersecurity, incident reporting, testing, and oversight of third-party service providers, some of which include:

  • Set up and maintain resilient ICT systems and tools that minimize the impact of ICT risk.
  • Have an ICT risk-management framework that includes strategies, policies, procedures, ICT protocols and tools necessary to effectively protect all relevant physical components and infrastructures from risk, such as damage and unauthorized access or usage.
  • Test the ICT business continuity policy and the ICT disaster recovery plan at least yearly, and after substantive changes to the ICT systems.
  • Include relevant provisions on accessibility, availability, integrity, security and protection of personal data, and guarantees for access, recover and return in the case of failures of the ICT third-party service providers in contracts that govern the relationship with third-party providers.

“The requirements laid out in DORA to identify all sources of ICT risk on a continuous basis and mandate an annual review of ICT risk management frameworks and review after a major incident, audit or testing are a step in the right direction,” says Chris Dimitriadis, ISACA chief global strategy officer. “However, to further strengthen the act, ISACA encourages provisions ensuring that ICT risk management plans go beyond being a compliance exercise by embedding governance responsibility within the management body, as well as requiring continuous training and ICT awareness of senior management and staff and independent testing performed by testers who are certified.”

During this period in which the DORA regulation is under consideration in the European Parliament and Council of the EU, ISACA’s EU Task Force is engaging with policy makers and sharing feedback. The final version of the regulation is expected in an estimated 18-24 months.

“ISACA is recognized among policy makers as an independent source of expertise on cybersecurity issues. The variety of backgrounds and experience of our members, reflected in the EU Task Force, have been welcomed by policy makers who have valued our contributions to the debate,” says Emily Bastedo, ISACA director for global government relations and public affairs.

To download a complimentary copy of Digital Operational Resilience in the EU Financial Sector, visit https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004L1sxEAC. Additional publications that may be helpful for financial entities as they prepare for DORA include ISACA’s Risk IT Framework, 2nd Edition; Risk IT Practitioner Guide, 2nd Edition ; and IT Risk Fundamentals Study Guide. Other IT risk-related resources can be found at www.isaca.org/resources/it-risk.

About ISACA

For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Emily Van Camp, evcamp@isaca.org, +1.847.385.7223
Kristen Kessinger, communications@isaca.org, +1.847.660.5512

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

EUMETSAT: Europe’s First Geostationary Sounder Satellite Is Launched2.7.2025 14:20:00 EEST | Press release

Europe has taken a major step forward in strengthening its resilience to extreme weather events with the successful launch of the Meteosat Third Generation Sounder 1 (MTG-S1) satellite. MTG-S1 will deliver new streams of atmospheric data, enabling earlier, more accurate warnings that protect lives, property and infrastructure. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250702002782/en/ MTG-S1 is part of the Meteosat Third Generation programme, Europe’s new fleet of geostationary meteorological satellites. Image: EUMETSAT Extreme weather events like storms, flooding, and heatwaves have caused hundreds of billions of euros in damage and claimed tens of thousands of lives across Europe in the past decades. Launched on 1 July 2025, MTG-S1 will provide Europe’s national meteorological services with high-frequency data on temperature, humidity and trace gases throughout the atmosphere – enabling forecasters to detect the earli

HCLTech and Equinor Expand Digital Collaboration2.7.2025 14:08:00 EEST | Press release

HCLTech, a global technology leader, and Equinor, Europe's largest energy supplier and a pioneer in renewables and low-carbon solutions, have expanded their IT collaboration to support the next phase of Equinor’s digital transformation. This expanded relationship will cover Equinor’s IT landscape across several key strategic areas. HCLTech will support Equinor as it accelerates its digital transformation by: Accelerating its cloud migration and standardizing services across operations Enhancing its cyber resilience and network performance Improving workplace experience through automation Enabling advanced user experiences with technologies like augmented reality (AR) "We’re pleased to continue our long-standing collaboration with Equinor," said Sandeep Kumar Saxena, Executive Vice President, HCLTech. "This collaboration reflects our shared commitment to innovation and sustainability.” Over the past decade, HCLTech has been a trusted advisor to Equinor, supporting the company’s global e

Wizz Air Tops Major Airline Emissions Rankings2.7.2025 12:00:00 EEST | Press release

Wizz Air is the world's most emissions-efficient airline in new rankings released today by Cirium, the aviation analytics firm. The Cirium Flight Emissions Review ranks the top 20 airlines globally, through a consistent benchmark for flight emissions. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250702342529/en/ The top 20 Major airlines globally, ranked by lowest CO2/ASK Wizz Air, the Hungary-based ultra-low-cost airline emits an industry low of 53.9 grams of CO₂ per Available Seat Kilometer (ASK)*, followed by Frontier Airlines (54.4 grams) and Pegasus (57.1 grams) according to the report. The rankings provide the aviation industry with verified comparable data on an equal playing field as the sector advances toward Net Zero by 2050 commitments. The rankings performance use Cirium's EmeraldSky platform, which achieved ISAE 3000 Reasonable Assurance from PricewaterhouseCoopers (PwC) and official accreditation from the Roc

L&T Technology Services Chosen by TRATON GROUP as Strategic Engineering Partner in Global R&D Transformation2.7.2025 11:59:00 EEST | Press release

L&T Technology Services (BSE: 540115, NSE: LTTS), today announced that it has been chosen by the TRATON GROUP, one of the world’s leading manufacturers of commercial vehicles, as a strategic engineering partner. This collaboration in LTTS’ Mobility segment will support TRATON’s roadmap to build a unified, future-ready product-development platform that delivers scale, speed, and sustainable mobility solutions worldwide. TRATON is reshaping its global R&D ecosystem to unlock cross-brand synergies while expanding the share of battery-electric vehicles in line with its 2029 profitability and sustainability targets. LTTS’ selection will see the company provide engineering support, from mechanical and software engineering to digital systems integration - across key development hubs in Sweden, Germany, the United States, Poland, and India. The collaboration positions LTTS to deepen existing workstreams and pursue new programs across TRATON’s brands, spanning software-defined vehicle architect

Nexo Becomes First-Ever Digital Wealth Platform of the DP World Tour, Launches Nexo Championship2.7.2025 11:30:00 EEST | Press release

Nexo, the premier digital assets wealth platform, has signed a three-year landmark partnership with the DP World Tour, becoming an Official Marketing Partner and the Tour’s Official Digital Wealth Platform through 2027. This agreement marks the first-ever multi-year partnership between a digital assets company and a major global golf tour — a historic convergence of crypto and golf — reflecting both organizations’ shared commitment to performance, innovation, and a global outlook. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250702770847/en/ Nexo becomes the first-ever Official Digital Wealth Platform of the DP World Tour. Nexo has also become the Title Partner of the newly renamed Nexo Championship — previously the Scottish Championship — taking place from August 7–10, 2025. The tournament is set at the Trump International Golf Links in Aberdeenshire, which has earned a reputation as one of the finest modern links courses

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye