
DORA Compliance
Compliance with the Digital Operational Resilience Act (DORA) is mandatory from January 2025. LRQA ensures you meet all regulatory requirements.
LRQA is uniquely placed as a full-service provider for achieving DORA compliance
The Digital Operational Resilience Act (DORA) is a landmark EU regulation that requires financial organisations to ensure they can prevent and mitigate cyber threats and withstand, respond to, and recover from all types of information and communication technology (ICT) disruptions.
The DORA Regulation marks a shift in emphasis from solely ensuring an organisation’s financial stability to guaranteeing its ability to maintain resilient operations. Organisations may now need to develop new operational resilience capabilities, which must be tested, and fully commit to an ongoing mandate to enhance their cyber security maturity.
Benefits of our DORA Compliance Services
LRQA is uniquely placed as a full-service provider for achieving DORA compliance. When you partner with LRQA, you gain access to a team of highly skilled and experienced cyber threat intelligence (CTI) analysts, governance, risk and compliance consultants, and cyber incident response experts. This combination empowers us to provide you with advanced insights and actionable intelligence, enabling proactive identification and mitigation of cyber threats, and measures to meet compliance objectives. Our experts cover every part of the testing process for DORA. We are your full-service provider for achieving DORA compliance.
Advisory and compliance consulting
We provide consultancy-led expert guidance on aligning cyber security practices with DORA requirements. We work with you to create, develop, and implement policies and procedures.
Managed detection and response
We partner with you to achieve 24/7 monitoring and response services using leading industry technology capabilities to swiftly identify and mitigate cyber threats.
Incident response
We deliver an expert service as an assured NCSC level 2 cyber incident response provider. We offer cyber incident response services designed to aid your organisation’s preparedness in the event of a serious cyber incident.
Award-winning expertise
Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international awards, demonstrating the breadth, depth and impact of their services.
The five pillars of DORA
Risk management
Identify, assess, mitigate and maintain resilient operations in the face of severe disruptions.
Third-party risk management
Include and manage ICT risks from third parties within ICT management frameworks.
Digital operational resilience testing
Maintain risk-centric and independent testing programmes such as red teaming, purple teaming and advanced penetration testing against regulatory frameworks such as TIBER-EU.
Incident management, classification and reporting
Implement early-warning systems to detect and manage cyber incidents and report them promptly. This requires a dedicated security operations centre (SOC).
Information sharing
Participate in the exchange of valuable cyber security threat and intelligence information among critical entities.
How is DORA regulated?
Specific authorities (known as competent authorities) in each member nation are responsible along with the European Banking Authority (EBA).
Organisations must prepare for the increased regulatory engagement powers that DORA will give to both national and EU-level supervisors. Instead of merely viewing this as a compliance task, organisations may need to develop new operational resilience capabilities that must be tested and proven to work, and fully commit to an ongoing mandate to enhance their cyber security maturity.
What organisations does DORA apply to?
DORA encompasses over 22,000 financial entities and ICT service providers operating within the EU, along with the ICT infrastructure supporting them from outside the EU. The regulation establishes detailed and stringent requirements applicable to all participants in the financial market.
Financial entities covered by DORA include:
- Credit institutions
- Payment institutions
- Account information service providers
- Electronic money institutions
- Investment firms
- Crypto-asset service providers and issuers of asset-referenced tokens
- Central securities depositories
- Central counterparties
- Trading venues
- Trade repositories
- Managers of alternative investment funds
- Management companies
- Data reporting service providers
- Insurance and reinsurance undertakings
- Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
- Institutions for occupational retirement provision
- Credit rating agencies
- Administrators of critical benchmarks
- Crowdfunding service providers
- Securitisation repositories
Why work with us?
Specialist expertise
Our cyber security experts hold multiple vendor certifications and accreditations, as well as highly respected industry accreditations from CREST, PCI SSC, ISC2, BCI, Chartered Institute of IT and NCSC CHECK.

Market leadership
We lead and shape the industry on advisory boards and councils, including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by various bodies, including the payment card industry, and are approved as a Qualified Security Assessor.

Everywhere you are
Operating in more than 55 countries, with more than 250 dedicated cyber security specialists and more than 300 highly qualified information security auditors around the world, we can provide a local service with a globally consistent commitment to excellence.

Award winners
We have been recognised for the breadth and depth of our services, including the TEISS Award for Best Penetration Testing Service in 2024, the Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024, and the Stratus Award for Best Managed Cloud Security Service.
