Amidst an ever-evolving threat landscape, the European Union (EU) has taken a decisive step to safeguard the resilience of the financial system by enacting the Digital Operational Resilience Act (DORA).
This crucial legislation, which will come into force on 17th January 2024, focuses particularly on reducing the risks that critical ICT third-party service providers pose to the sector. As such, DORA has significant third-party risk management implications for organisations in scope.
Risk Ledger has teamed up with Evelyn Partners to produce a comprehensive white paper on DORA’s third-party risk management implications.
In this white paper, you will learn:
- The basics of DORA, its five key pillars and which organisations outside the EU fall under its remit
- DORA’s key requirements as they relate to ICT risk management, ICT incident response reporting, Digital Operational Resilience Testing, ICT Third-Party Risk Management and Information Sharing
- What DORA says about contractual agreements with critical third parties and the need for exit clauses
- How DORA expects financial entities to reduce concentration risks to the sector and ensure the security of subcontractors and other fourth parties that are critical to their operations
- Why continuous monitoring of all critical third parties during the entire contract lifecycle is expected