DORA (Digital Operational Resilience Act)

DORA is an EU regulation establishing ICT risk management and operational resilience requirements for the financial sector.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation that establishes a comprehensive framework for ICT risk management in the financial sector. DORA aims to ensure financial entities can withstand, respond to, and recover from ICT-related disruptions and threats.

Five Pillars of DORA

  1. ICT Risk Management: Governance framework and controls
  2. ICT Incident Reporting: Classification and notification requirements
  3. Digital Operational Resilience Testing: Including threat-led penetration testing
  4. ICT Third-Party Risk: Contractual and monitoring requirements
  5. Information Sharing: Threat intelligence exchange

Common Misconceptions

  • "DORA is just another compliance checkbox" - DORA requires operational changes, not only documentation
  • "Only applies to banks" - DORA's scope covers the financial sector broadly, not banks alone
  • "Existing frameworks are sufficient" - DORA sets its own specific requirements that existing frameworks may not cover