DORA specifies the following key requirements:
- Risk Management
- Third Party Risk Management
- Digital Operational Resilience Testing
- Incident management, classification and reporting
- Information sharing
- Oversight of critical third-party providers
How can we help?
Based on your requirements we can provide the right support to help you achieve DORA compliance, including:
Gap Analysis
If you are looking to assess and measure your current compliance with DORA, we can assist by delivering a gap analysis.
We will work with you to interview key individuals in the organisation, assess your current cyber security arrangements and review your existing policies and procedures for relevance, effectiveness and efficiency, to determine any potential red flag areas that may indicate non-compliance with DORA.
You will receive a detailed gap analysis report that collates the findings of this assessment, with everything you need to know in order to become compliant.
Implementation Support
Having conducted a gap analysis and identified any areas where improvements are required, we can assist with any implementation or remediation activities to ensure you achieve and maintain compliance in the most practical and effective manner.
Penetration Testing and Vulnerability Scanning
A key requirement of DORA is the need to undertake threat-led penetration testing.
Threat-led penetration testing (TLPT) means a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems.
As a CREST accredited organisation, we can help to scope and perform your threat-led penetration testing in alignment with the requirements of DORA.
Cyber security Training & Awareness
Regular training programs to keep all employees informed about the latest cyber security practices and threats, fostering a culture of security awareness.
We can help to implement a cyber security Training & Awareness program or provide you with our Managed Security Awareness service which covers monthly security training, simulated phishing, policy management and email address breach detection.
Incident Handling
Implementation of comprehensive plans that cover detection, reporting, response, and recovery from security breaches to minimise potential impacts.
We can help to implement an Incident Response Plan, Incident Response Playbooks and provide Tabletop Exercises to test your response capability.
Supply Chain Security
Assessment of supply chain risks and implementation of security measures to manage and mitigate risks from external suppliers and partners.
We can review your current supply chain security processes including policies, procedures, questionnaires and working practices against best practice. We’ll consider the nature of your organisation and the suppliers you work with and provide ‘right sized’ recommendations for improvement.
Compliance with international standards
Compliance with known security frameworks and certifications such as ISO 27001 can help to support DORA compliance.
We can help to implement ISO 27001 across your business, by building an ISMS, implementing controls, conducting internal audits and supporting certification audits.
Our Security Consultants are all vendor-agnostic and come with a wide range of technical and information security (e.g. ISO 27001) skills and experience, and are well placed to understand the impact that the implementation of the CAF Framework is likely to have on your organisation.
Get in touch
Start your DORA Compliance Journey
Speak with one of our team to see how we can help you become DORA Compliant.