Under Scrutiny: How DORA Is Reshaping Resilience Testing | ALLES LEGAL #105

🎧 Digital resilience is a must: this episode explains what DORA demands from financial institutions – tune in now!

Security Testing Under DORA: A Mandatory Exercise

In the final episode of our DORA series, we focus on one of the regulation’s key aspects: the mandatory testing of digital resilience. Josefine Spengler, lawyer at Annerton and Certified Specialist in IT Law, explains what types of security tests are required under DORA, why they are essential for IT system protection, and how companies can take a strategic approach.

The bar is high: while all financial institutions must implement basic testing programmes, systemically important institutions face stricter rules, including the obligation to conduct Threat-Led Penetration Tests (TLPT). These tests simulate realistic cyberattacks to assess the operational resilience of systems.

Even smaller institutions must comply – though simplified, their testing must still be risk-based. The focus is not just on meeting regulatory requirements, but on embedding resilience into the corporate culture.

Tune in to learn what exactly needs to be tested, how to structure internal audit teams, and how BaFin assesses extended testing requirements.

Annerton DORA Monitor

Adjust processes, review systems, document evidence: DORA’s requirements are diverse, and implementation calls for clarity and structure.

The Annerton DORA Monitor supports you on your journey to digital resilience: We summarise developments and practical tips for you in a concise format.

📥 Download the first edition free of charge now, and sign up for our mailing list to be notified by email whenever a new edition is released, so that you are reliably guided through the DORA jungle.

About this podcast

Alles Legal – Fintech Recht Kompakt delivers sharp, weekly insights into legal and compliance matters in the world of banking. (in German only)
This podcast is a collaboration between Payment & Banking and PayTechLaw.
Each Wednesday, we unpack the legal developments shaping the financial world – clearly, concisely, and without the legal jargon.
Since 2021, PayTechLaw authors and Annerton attorneys have brought depth and clarity to complex topics.
Whether it’s PSD3, DORA, or FiDA – we provide the legal context you need.
In 20 minutes. No detours.


