Our vision on risk management emphasizes the importance of a company's resilience. It is no surprise that, in response to past financial crises, the EU introduced legislation requiring financial institutions to comply with the Digital Operational Resilience Act (DORA), which is binding in its entirety for all EU member states and takes effect on January 17th, 2025.
DORA also applies to critical third parties that provide IT-related services to financial entities, and it should be a trigger for either starting or enhancing your resilience journey. It creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of IT-related disruptions and threats.
Importance of DORA
Since DORA consolidates and updates rules on IT risks, it is preferable to include the related risk management processes in the GRC tooling. In CERRIX you are able to set up the DORA framework and configure all available modules in such a way that you fully comply with DORA. The 3rd Party Risk module contains the functionalities needed to implement DORA, in which 3rd party onboarding and monitoring are key. We strongly recommend aligning the needs for DORA with other related IT risk management components. For example, there is partial overlap with the European Critical Infrastructure (ECI) Directive, but this might also be the case with (internal) corporate frameworks or national supervisors.
ICFR (Internal Control over