Staying abreast of compliance requirements, even if they are not directly specified for your country, is still important, as your organization could be impacted, should you have offices in the affected country or provide services to an organization in countries where the regulations apply.
What is the DORA Regulation?
DORA, or the Digital Operational Resilience Act, is a regulation that applies to European Union (EU) member states. It is a newer EU regulation designed to bolster cybersecurity for financial institutions as well as their third-party IT partners or providers. One of its aims is to reach a common level of digital operational resilience. The European Council adopted the Act on Nov. 28, 2022. It entered into force on Jan. 17, 2023, and will apply starting Jan. 17, 2025. As a Regulation, DORA is enforceable and applicable to all EU Member States.
Boosting an organization’s resilience against looming cyber threats is always a good idea. DORA helps address EU financial system cybersecurity issues that are possible during severe operational disruptions.
The official statement of purpose outlines that it creates a regulatory framework centered on operational resilience to disruptions and threats that is consistent across the EU. The statement is as follows:
“DORA sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.”
DORA is an EU Regulation. Why Should I Worry About It?
Even though it is officially an EU regulation, if your organization has branch offices located in the EU or if you provide services to a financial institution that provides services within the EU, you need to comply with DORA’s scope requirements.
Financial entities, including banks, investment companies, insurance companies, and crypto service providers all fall under DORA’s scope. If your organization operates outside the EU, Article 2 of the Regulation states that the Regulation also covers any critical third parties that deliver IT and cybersecurity services to these covered EU financial organizations.
What’s the Difference Between DORA and GDPR?
The longer-established GDPR (General Data Protection Regulation) was put into effect in 2018 and is the toughest privacy and security law in the world. It obligates any organization, not just financial ones, that targets or collects data related to people in the EU to adhere to its stringent privacy protections, and it levies substantial fines on violators of its privacy and security standards.
DORA’s focus is on cybersecurity rather than data privacy, and it zeroes in on ensuring the security of the network and information systems of financial organizations and their associated third parties should a threat or major interruption occur. It does not contain financial-industry rules on personal data protection, but complying with DORA by shoring up network and information systems helps financial institutions comply with GDPR requirements.
How Can Fortra Help Meet DORA Requirements?
Fortra offers a number of cybersecurity solutions, including infrastructure protection, that can help financial institutions boost their resiliency in defending against cyber threats. Solutions that can help satisfy DORA requirements include phishing and ransomware protection, security awareness training, and managed detection and response, all of which create the layered security protection needed against threats to the data flowing in and out of your organization.
How Secure File Transfer Can Help Secure Financial Organizations’ Data
GoAnywhere MFT, a secure file transfer solution from Fortra, can protect files as they are exchanged and at rest. It can help any industry, including the banking and financial industry, protect sensitive customer data and meet key compliance requirements, including regulations such as PCI DSS.
Sensitive cardholder or bank customer data can be protected via GoAnywhere’s centralized controls, security settings, and supported transmission and encryption protocols. In addition, robust audit and reporting functionality can capture and retain all logins, file movements, and any errors to help meet compliance documentation requirements.
Discover Easy, Secure Financial Data File Protection
Of the many managed file transfer options available, GoAnywhere is a market leader for secure, automated, and flexible file transfers in the financial industry. It is a solution used by thousands of organizations worldwide. Request a demo to find out if GoAnywhere is right for your financial organization.