DORA - Digital Operational Resilience Act

Glenn Bluff

So DORA is nearly here. What does Article 30 mean for CSPs?

The Lead Overseer shall assess whether each critical ICT third-party service provider has in place comprehensive, sound and effective rules, procedures, mechanisms and arrangements to manage the ICT risks which it may pose to financial entities. That assessment shall primarily focus on the ICT services supporting critical or important functions provided by the critical ICT third-party service providers to financial entities, but may also be broader if relevant to the assessment of the risks to those functions.


2. The assessment referred to in paragraph 1a shall include:

(a) ICT requirements to ensure, in particular, the security, availability, continuity, scalability and quality of services which the critical ICT third-party service provider provides to financial entities, as well as the ability to maintain at all times high standards of security, confidentiality and integrity of data;

(b) the physical security contributing to ensuring the ICT security, including the security of premises, facilities, datacentres;

(c) the risk management processes, including ICT risk management policies, ICT business continuity and ICT disaster recovery plans;

(d) the governance arrangements, including an organisational structure with clear, transparent and consistent lines of responsibility and accountability rules enabling an effective ICT risk management;

(e) the identification, monitoring and prompt reporting of major ICT-related incidents to the financial entities, the management and resolution of those incidents, in particular cyber-attacks;

(f) the mechanisms for data portability, application portability and interoperability, which ensure an effective exercise of termination rights by the financial entities;

(g) the testing of ICT systems, infrastructure and controls;

(h) the ICT audits;

(i) the use of relevant national and international standards applicable to the provision of its ICT services to the financial entities.

