We dive deep into the Digital Operational Resilience Act with Liam Mckenna, Partner at Mazars and Austin Kelly from Mazars. If you would like to work with Liam and Austin, please reach out to them here.
DORA (Digital Operational Resilience Act) is a new regulation that aims to address the increased digital risk organisations face. It focuses on five key pillars, including ICT risk management, incident management and reporting, digital operation resilience testing, and third-party risk. Non-compliance with DORA can damage an organisation's relationship with regulators and lead to remediation programs and penalties. Organisations need to start preparing for DORA compliance by scoping the project, conducting a gap analysis, developing a roadmap, and implementing mitigation actions. Key challenges include weaknesses in IT risk management, lack of asset management, and the need for standardised contract clauses. Organisations should take DORA seriously and not just treat it as a compliance project. They should invest in ongoing risk assessments, engage with third parties, and commit to implementing robust controls.
Key Takeaways
-DORA is a new regulation that addresses the increased digital risk faced by organisations
-It focuses on five key pillars: ICT risk management, incident management and reporting, digital operation resilience testing, and third-party risk
-Non-compliance with DORA can damage an organisation's relationship with regulators and lead to penalties.
-Organisations must start preparing for DORA compliance by scoping the project, conducting a gap analysis, developing a roadmap, and implementing mitigation actions. Challenges include weaknesses in IT risk management, lack of asset management, and the need for standardised contract clauses
-Organisations should take DORA seriously, invest in ongoing risk assessments, engage with third parties, and commit to implementing robust controls
Chapters
00:00 Introduction
00:55 Overview of DORA
06:09 Non-Compliance and Penalties
09:44 Preparing for DORA Compliance
13:16 Challenges in DORA Compliance
25:25 Key Considerations and Conclusion