Preparing for DORA: Management Systems for Digital Resilience
The Regulation (EU) 2022/2554, known as DORA (Digital Operational Resilience Act), will come into force in 2025. It introduces new requirements for financial entities across Europe to strengthen their operational resilience against ICT-related disruptions that could impact critical systems and services.
DORA aims to ensure that financial organisations can anticipate, withstand, respond to, and recover from cyber incidents and operational failures that threaten their technological infrastructure.
Key pillars of DORA:
- Proactive management of ICT risks
- Timely notification of major incidents
- Rigorous testing of operational resilience
- Oversight of third-party ICT service providers
- Information-sharing mechanisms across financial entities
Implementing these measures effectively is not just a compliance exercise — it lays the foundation for a culture of security, trust, and sustained digital resilience.
The role of international standards
One of the most effective ways to meet DORA’s requirements is by adopting internationally recognised frameworks such as ISO/IEC 27001, which defines the structure for an Information Security Management System (ISMS). This standard supports ICT risk control, protection of critical assets, incident response, and business continuity — all aligned with DORA's core principles.
Depending on the organisation’s technological landscape and risk exposure, other complementary standards may be relevant:
- ISO/IEC 22301 – Business Continuity Management
- ISO/IEC 20000-1 – IT Service Management
Together, these frameworks enhance operational resilience and provide regulators with clear evidence of a proactive approach to security, compliance, and continuous improvement.
If your organization is looking to strengthen its digital resilience and align with DORA, we’re here to help identify and implement the most suitable solutions.