On 27 December 2022, the Digital OperationsResilience Act (DORA) was officially published in the Official Journal of theEU. This significant legislative act, consisting of both a Regulation and aDirective, focuses on digital operational resilience within the financialsector and is set to be fully applicable from January 2025.

DORA is designed to apply to a broad spectrum of financial entities regulated by the Central Bank of Ireland (Digital Operational Resilience Act (DORA)2024). For the first time, it consolidates provisions addressing digital operational risk across the financial sector into a cohesive legislative framework. The act introduces targeted rules encompassing several key areas:

•       Information and Communication Technology (ICT) risk management

•       ICT-related incident management, classification, and reporting

•       Digital operational resilience testing  

•       Management of ICT third-party risk, including an oversight frame work for critical ICT third-party service providers  

•       Information sharing arrangements  

Regulated financial entities will find similarities between many of DORA's requirements and the existing Central Bank guidance concerning Outsourcing, Operational Resilience, and IT &Cybersecurity Risks, as well as current sectoral guidelines. In a previous article, we discussed the scope of DORA and which entities are included or exempted. This week, we delve into the ICT Risk Management aspect of DORA and explore how Binarii Labs' solutions can assist in effective risk management.

ICT Risk Management Under DORA  

Financial entities must establish a comprehensive ICT risk management framework (DORA: Framework for management of digital risks in Financial Markets).This framework should include:  

1.       Resilient ICT Systems and Tools: Implementing and maintaining systems and tools that minimise the impact of ICT risks.  

2.       Critical Functions and Assets: Identifying, classifying, and documenting critical functions and assets.  

3.       Continuous Monitoring: Monitoring all sources of ICT risks continuously to set up protection and prevention measures.  

4.       Anomalous Activity Detection: Promptly detecting any anomalous activities.  

5.       Business Continuity and DisasterRecovery: Developing comprehensive business continuity policies and disaster recovery plans, including annual testing covering all supporting functions.  

6.       Learning Mechanisms: Establishing mechanisms to learn and evolve from both external event sand the entity’s own ICT incidents.  

According to Article 6 of DORA (Article 6, ICT risk management framework),financial entities are required to minimise the impact of ICT risks by deploying appropriate strategies, policies, procedures, ICT protocols, and tools. Here, Binarii Labs' data security solutions can play a pivotal role in risk management.  

Binarii Labs: Enhancing Risk Management  

Binarii Labs offers comprehensive solutions that ensure compliance with DORA and NIS2 while enhancing an organisation's cybersecurity posture and operational resilience. Key features include:

•       Complete Business Continuity: Ensures that data remains 100% accessible with zero interruption, even in the event of a cloud location failure or breach, thus mitigating cloud breach and cloud outage risks.  

•       Mitigated Disaster Recovery Actions: Provides continuous access to data with minimal or no downtime, reducing the need for extensive disaster recovery actions.  

•       Reduced Reporting: In case of a cloud location breach, there is no "significant incident" requiring obligatory reporting, allowing for voluntary threat occurrence reporting without any harm to data subjects.  

•       Proof of Record: Utilises blockchain technology to provide tamper-proof proof of the date, time, and provenance of data files.

•       Automated Redundancy: Each data file is uniquely and individually duplicated during upload as part of a proprietary encryption, fragmentation, and multicloud distribution process, ensuring continuous independent backups.  

•       Sovereign Ownership of Data: Offers an automated multi-cloud storage solution where no single provider holds custody of any complete data file.  

•       Ease of Use for Staff: Requires no technical literacy from staff members, ensuring smooth operational integration.

•       Cost-Effective: Provides a cost-effective SaaS billing model with no additional tech consultancy fees, offering a fair and inexpensive pay-per-use model.  

Navigating DORA Compliance with Binarii Labs  

By leveraging Binarii Labs' advanced solutions, organisations can confidently meet the requirements of DORA andNIS2, ensuring compliance while maintaining robust security and operational efficiency. To learn more about how Binarii Labs' data security solutions can help your organisation achieve compliance with NIS2, DORA, and GDPR regulations, visit our website at Binarii Labs.

References    

Central Bank ofIreland (2024) Digital Operational Resilience Act (DORA). Available at:

https://www.centralbank.ie/regulation/digital-operational-resilience-act-(dora)(Accessed: 07 August 2024).  

European Parliament and of the Council of 14December 2022 (no date) Article 6, ICT risk managementframework. European Parliament and of the Council of14 December 2022. Available at:https://www.digital-operational-resilience-act.com/Article_6.html (Accessed: 07August 2024).  

‍