BaFin publishes guidance on documentation requirements under DORA


With just under a month to go before the Digital Operational Resilience Act (DORA) comes into force, the German Federal Financial Supervisory Authority (BaFin) has published comprehensive guidance on the new documentation requirements. This overview is intended to help companies implement the extensive regulations, which will become mandatory on January 17, 2025. 

DORA requires financial firms and their ICT service providers to comply with over 200 specific requirements in the area of IT security management and IT risk management. The aim is to sustainably strengthen the cyber resilience of the European financial sector and to better manage risks in information and communication technology (ICT). 

The regulation requires the affected companies to undertake a considerable amount of additional work to document their ICT processes and systems in detail. The exact requirements are set out in several articles of DORA and in the associated regulatory and implementing technical standards. 

The guidance provided by BaFin offers a structured overview of the most important documentation requirements. Although use of the guidance is not mandatory and it does not constitute a legal interpretation, it can serve as valuable support in implementing the complex requirements.

Interested parties can find the guidance and further information for download on the BaFin website, where the overview is also directly available.

Deadline January 17, 2025 – How ready is your company for DORA? Test it now! 

With the Annerton DORA self-test, you can quickly and easily determine your current level of readiness in terms of implementing DORA requirements – anonymously, free of charge and without obligation. 

The test takes only about 5 minutes and includes targeted questions from the central areas of the regulation. This will give you a clear and concise overview of your current position and possible areas for action. 

Start now and determine your DORA maturity level! 

 


