
In this episode, GRIP’s Commissioning Editor Jean Hurley spoke with our colleague Thomas Hyrkiel, Director of Content and Community at Global Relay, about all things DORA: implementation, scope, next steps for financial entities and ICT third-party providers, and the consequences of non-compliance.
The Digital Operational Resilience Act (DORA) sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector, as well as critical third parties that provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.
We discussed:
- the importance of DORA and how it can make a difference to financial institution resilience;
- the scope of DORA and who is affected;
- implementation plans – what processes should have been completed and what is there left to do;
- implementation challenges for ICT third-party providers;
- DORA compliance: Register of Information, mandatory contractual provisions, integration and legacy ICT systems;
- designation of critical ICT third-party providers, with examples;
- non-compliance with DORA – substantial fines, administrative penalties and remedial measures.
A transcript for this podcast is available here.