The advantages of the DORA legislation at a glance:
Enhanced transparency: DORA sets out a large number of risk management requirements that apply to ICT partners. For example, the organisation should provide an overview of its suppliers and the sub-tier supplier network. DORA thus forces the organisation to check the outsourcing chain and critical ICT suppliers more rigorously. This leads to stricter and safer choices in current and new partnerships, and improves information exchange and transparency in the supply chain.
Automated processes: Thanks to the DORA framework, it is clear which documentation and data need to be provided. This requirement list and query process can be largely automated to ensure that data is delivered in a timely manner, allowing the organisation to focus more on assessing the delivered data.
Reinforcing the supply chain through mandatory disclosure: It is mandatory to disclose any incidents that have an impact on the financial institution's service provision. This enables the company to maintain control and oversight of the supply chain and allows for quick action.
Enhanced compliance: Detailed continuity plans are designed to ensure uninterrupted continuation of ICT services. Compliance is enhanced and administration is improved through the DORA framework. Financial institutions must implement a testing programme involving various vulnerability scans and (physical) security tests.
Better monitoring of security: To monitor the supply chain, every new ICT agreement should be recorded. This involves setting up a log that keeps track of which ICT suppliers and sub-tiers have signed agreements with the organisation. This allows for greater transparency in the supply chain and early detection of any disruptions.