Digital Operational Resilience Act: Difference between revisions
Revision history (edits by Amwelladmin, starting at line 3 of the wiki source)

Revision 1: created the page with the opening paragraph ("The Digital Operational Resilience Act — so named even though the EU doesn’t technically have “acts” ... remains resilient during severe...").

Revision 2 (no edit summary) made the following changes to that text:
- extended the sentence introducing the contract provisions with the purpose clause "to ensure that financial entities maintain operational resilience and can manage risks associated with ICT services effectively";
- put the headings of the Termination Rights, Subcontracting and Exit Strategies items in bold, matching the other list items;
- added a new item, "Co-operation with Authorities: Requirements for the ICT service provider to cooperate fully with competent authorities in case of investigations or incidents.";
- left the remaining items (Description of Services, Service Levels, Data security, Audit rights) and the "See also" link to the legislation (https://eur-lex.europa.eu/eli/reg/2022/2554/oj) unchanged.
Revision as of 14:44, 6 August 2024
The JC’s Reg and Leg resource™
EU Edition
The Digital Operational Resilience Act — so named even though the EU doesn’t technically have “acts”, we think, because “DORA” is a neat and quite cute acronym whereas “DORR” sounds a bit intellectually challenged and “DORD” sounds like what you find in a Galway lavatory — is an EU Regulation aimed at strengthening the IT security of financial entities and ensuring the European financial sector remains resilient during severe operational disruption.
It comes into force on 17 January 2025.
It requires in-scope entities to include key provisions in their contracts with providers of in-scope ICT services, so that financial entities maintain operational resilience and can manage the risks associated with those services effectively:
- Description of Services: A clear description of all functions and ICT services, and the locations from where these services and data processing are provided.
- Service Levels: Detailed service level agreements — gulp — specifying performance standards and uptime availability.
- Data security: Providing for data security and protection from unauthorised access.
- Audit rights: Wide-ranging audit rights for the financial entity to ensure compliance with the contractual terms and regulatory requirements.
- Termination Rights: Specific termination rights, including conditions under which the contract can be terminated and the procedures for doing so.
- Subcontracting: Conditions for subcontracting ICT services, especially for critical or important functions.
- Co-operation with Authorities: Requirements for the ICT service provider to cooperate fully with competent authorities in case of investigations or incidents.
- Exit Strategies: Provisions for managing the exit and transition of services to another provider or back in-house, ensuring continuity and minimal disruption.