Increase your organization's digital resilience with DORA

Feb. 20, 2025
Stephan Brinkhuis

Are you ready for the Digital Operational Resilience Act (DORA)? This new European legislation, which has taken effect as of January 2025, presents a great opportunity for financial institutions to strengthen their cyber and operational resilience. In this blog post, we explain exactly what DORA means, why it is important, and how your organization can best prepare.

What is DORA?
The Digital Operational Resilience Act (DORA) is a European regulation and directive that helps financial institutions become more resilient to cyber threats and operational disruptions. This means your organization needs to be ready to effectively manage IT risks, report incidents quickly and regularly test and improve your digital resilience.
Why was DORA introduced?
Cybercriminals are increasingly targeting financial institutions because of the large amounts of money and sensitive personal data being managed. With DORA, the EU is providing a harmonized framework to increase cyber resilience and ensure the integrity, availability and security of financial systems.
To which organizations does DORA apply, and from when?
DORA applies to a wide range of financial institutions, including banks, investment firms, pension funds, insurers, crypto asset providers and their critical IT service providers. Even though micro and small businesses are partially exempt, it is still crucial for any organization to understand the impact of DORA. This legislation has been in effect since January 2023, and as of January 2025, all affected organizations must be compliant.
Recent Developments Around DORA
  • Supervision by the AFM: The AFM will monitor compliance with DORA from January 2025, including thematic surveys and reports through the DORA portal.
  • DORA information register: Financial institutions must maintain an information register and submit it to the DNB before April 23, 2025 at the latest.
  • Threat-Led Penetration Testing (TLPT): Certain firms must conduct extensive TLPT testing under the guidance of the AFM.
How can you prepare for DORA?

The following steps will help you ensure that your organization is DORA compliant: 

GAP analysis

Assess your current status and identify deficiencies against DORA requirements. 

Implementation Plan

Develop a detailed plan to improve IT risk management, incident management and digital resilience.

Training and awareness

Make sure all your employees are aware of their role in IT systems security and incident reporting.

Testing digital resilience

Conduct regular penetration testing and incident response testing to ensure the resilience of your systems. 

Collaboration with IT service providers

Evaluate and strengthen your contracts and risk management measures with IT service providers. 

Regular audits and reviews

Schedule audits and reviews to ensure compliance and continuous improvement. 

Keep your organization ahead of the curve and take advantage of the opportunities DORA offers. uComply supports organizations in their preparations and also helps them stay demonstrably compliant.

Our mission to compliance

Ensuring availability, integrity and confidentiality

With uComply, you ensure that data is protected and only available in your organization's Microsoft 365 environment.

Innovative AI technology

uComply uses advanced AI technology to provide smart answers and enhanced user instructions, with, of course, live support from the uComply team. 

Seamless integration

uComply integrates seamlessly with Microsoft 365, making it a versatile and efficient choice for businesses of all sizes.
