With just under a month to go before the Digital Operational Resilience Act (DORA) comes into force, the German Federal Financial Supervisory Authority (BaFin) has published comprehensive guidance on the new documentation requirements. This overview is intended to help companies implement the extensive regulations, which will become mandatory on January 17, 2025.
DORA requires financial firms and their ICT service providers to comply with over 200 specific requirements in the area of IT security management and IT risk management. The aim is to sustainably strengthen the cyber resilience of the European financial sector and to better manage risks in information and communication technology (ICT).
The regulation requires the affected companies to undertake a considerable amount of additional work to document their ICT processes and systems in detail. The exact requirements are set out in several articles of DORA and in the associated regulatory and implementing technical standards.
The guidance provided by BaFin offers a structured overview of the most important documentation requirements. Although the use of the guidance is not mandatory and does not constitute a legal interpretation, it can serve as a valuable support in implementing the complex requirements.
Interested parties can find the guidance and further information for download on the website of BaFin, here you can go directly to the overview.
Adjust processes, review systems, document evidence: DORA’s requirements are diverse, and implementation calls for clarity and structure.
The Annerton DORA Monitor supports you on your journey to digital resilience: We summarise developments and practical tips for you in a concise format.
📥 Download the first edition free of charge now. – And sign up for our mailing list to be automatically notified by email whenever a new edition is released – ensuring you are reliably guided through the DORA jungle.
