Strengthening Operational Resilience in Financial Services
The Digital Operational Resilience Act (DORA) is a European Union (EU) regulation that establishes a mandatory, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. DORA focuses on enhancing the IT security of financial organizations to help them remain resilient during significant operational disruptions. It also outlines expectations for these organizations regarding the management, testing, and reporting of ICT issues.
DORA holds financial institutions responsible for the resilience of all their ICT components, dependencies, and suppliers related to the services they provide. Financial institutions need to be able to quickly identify issues affecting transaction execution and determine their root causes for remediation and compliance with enhanced disclosure and reporting requirements.
ThousandEyes for DORA
ThousandEyes can help financial institutions meet Digital Operational Resilience Act (DORA) principles by providing a holistic approach to network, SaaS, cloud, and digital experience monitoring. It helps them uncover dependencies, emulate user experience, and monitor third-party ICT service providers, ultimately helping them identify risk and improve digital resilience.

Gain Full Visibility Into Your Digital Environment
Financial institutions often face the challenge of limited visibility into their entire IT ecosystem, particularly when it comes to third-party dependencies. ThousandEyes offers a centralized view of how network traffic flows across every network hop, including Internet routing (BGP), cloud services, and even SaaS environments. This enables institutions to gain a comprehensive understanding of their end-to-end digital landscape, allowing them to effectively monitor and manage their IT infrastructure.
Quickly Diagnose the Causes of Disruptions
Identifying the source of disruptions can be difficult and time-consuming, leading to unnecessary customer impacts and possibly regulatory repercussions. With ThousandEyes’ historical and time-correlated views, IT teams can see when disruptions occur and what parts of the infrastructure are involved. This helps institutions quickly diagnose the causes of disruptions, minimizing downtime and improving customer satisfaction.

Collaborate Effectively To Resolve Issues Swiftly
Financial institutions may not be directly responsible for the infrastructure at fault, which makes collaboration with their service providers essential. Shared Snapshots offer a way for ThousandEyes customers to share an interactive view of incidents, providing evidence and critical information to third-party providers. This feature facilitates effective collaboration among organizations, allowing them to act swiftly to address issues and ensuring a smooth and coordinated recovery.
Featured Resources
Insights and best practices for IT operations teams navigating the requirements brought by DORA.

ThousandEyes and the Digital Operational Resilience Act
Dive deeper into how ThousandEyes enables financial institutions to observe, understand, and act on ICT issues.

The Role of Assurance in Digital Operational Resilience
Learn about DORA, its implications, and how ThousandEyes can contribute within this framework.

DORA Checklist: 3 Key Areas To Watch
Explore this DORA checklist for three critical factors that NetOps teams must monitor on an ongoing basis.

DORA & ITOps Best Practices
Listen to the conversation as ThousandEyes’ experts discuss what ITOps teams should know about DORA.
Learn About DORA
Get answers to some of the frequently asked questions about the Digital Operational Resilience Act.
The European Union’s Digital Operational Resilience Act (DORA) aims to strengthen the IT security of financial entities like banks, insurance companies, and investment firms. It requires financial institutions serving the EU to meet an enhanced set of requirements related to ICT risk management, network resilience, and ICT incident reporting.
DORA goes into effect on January 17, 2025. The European Union had given financial institutions two years to implement the act’s recommendations, starting on January 16, 2023, noting that those requirements would become enforceable on January 17, 2025.
DORA directly applies to EU financial institutions. However, it also raises important conversations about resilience and assuring digital experiences that are relevant for IT operations teams across industries and regions.
In particular, DORA highlights a key ITOps best practice: taking responsibility for your entire service delivery chain—both owned and unowned components. DORA requires financial institutions to consistently monitor their own ICT (Information & Communications Technology) infrastructure, and assess risks associated with third-party ICT providers.
Before January 17, 2025, financial services institutions should review all DORA requirements and make sure they are compliant. The DORA regulations cover five main topics:
- ICT Risk Management
- ICT-related Incident Management, Classification, & Reporting
- Digital Operational Resilience Testing
- ICT Third-party Risk Management
- Information Sharing Arrangements
However, after January 17, 2025, financial services institutions will have to take continued steps to make sure they remain compliant. See this DORA checklist for three key areas ITOps teams should keep in mind: ensuring your backup is always ready for action, building (and maintaining) a comprehensive monitoring system, and actively monitoring third-party systems.
Discover how Cisco can help financial institutions meet the DORA regulatory principles.