DORA Compliance

Compliance with the Digital Operational Resilience Act (DORA) is mandatory from January 2025. LRQA ensures you meet all regulatory requirements

LRQA is uniquely placed as a full-service provider for achieving DORA compliance

The Digital Operational Resilience Act (DORA) is a landmark EU regulation requiring financial organisations to ensure they can prevent and mitigate cyber threats and withstand, respond to, and recover from all types of information and communication technology (ICT) disruptions.

The DORA Regulation marks a shift in emphasis from solely ensuring an organisation’s financial stability to guaranteeing its ability to maintain resilient operations. Organisations may now need to develop new operational resilience capabilities that must be tested and fully commit to an ongoing mandate to enhance their cyber security maturity.

Benefits of our DORA Compliance Services

LRQA is uniquely placed as a full-service provider for achieving DORA compliance. When you partner with LRQA, you gain access to a team of highly skilled and experienced cyber threat intelligence (CTI) analysts, governance, risk and compliance (GRC) consultants, and cyber incident response experts.
This combination allows us to provide you with advanced insights and actionable intelligence, enabling proactive identification and mitigation of cyber threats and supporting the measures needed to meet your compliance objectives. Our experts cover every part of the testing process for DORA. We are your full-service provider for achieving DORA compliance.

Advisory and compliance consulting

We provide consultancy-led expert guidance on aligning cyber security practices with DORA requirements. We work with you to create, develop, and implement policies and procedures.

Managed detection and response

We partner with you to achieve 24/7 monitoring and response services using leading industry technology capabilities to swiftly identify and mitigate cyber threats.

Resilience testing

We provide penetration testing to identify vulnerabilities in financial systems and applications. You receive detailed reports with actionable recommendations for remediation.

Incident response

As an NCSC-assured Level 2 cyber incident response provider, we deliver expert cyber incident response services designed to strengthen your organisation's preparedness for a serious cyber incident.

Award-winning expertise

Our cyber security team continues to earn multiple vendor certifications, highly respected industry accreditations and international awards, demonstrating the breadth, depth and impact of its services.

The five pillars of DORA

Risk management

Identify, assess and mitigate ICT risk, and maintain resilient operations in the face of severe disruptions.

Third-party risk management

Include and manage ICT risks arising from third-party providers within the organisation's ICT risk management framework.

Digital operational resilience testing

Maintain risk-centric and independent testing programmes, such as red teaming, purple teaming and advanced penetration testing, aligned with regulatory frameworks such as TIBER-EU.

Incident management, classification and reporting

Implement early-warning systems to detect and manage cyber incidents and report them promptly. This requires a dedicated security operations centre (SOC).

Information sharing

Participate in the exchange of valuable cyber security threat and intelligence information among critical entities.

How is DORA regulated?

Designated authorities (known as competent authorities) in each member state are responsible for supervision, alongside the European Banking Authority (EBA).

Organisations must prepare for the increased regulatory engagement powers that DORA gives to both national and EU-level supervisors. Instead of viewing this merely as a compliance task, organisations may need to develop new operational resilience capabilities that must be tested and proven to work, and fully commit to an ongoing mandate to enhance their cyber security maturity.

What organisations does DORA apply to?

DORA encompasses over 22,000 financial entities and ICT service providers operating within the EU, along with the ICT infrastructure supporting them from outside the EU. The regulation establishes detailed and stringent requirements applicable to all participants in the financial market.

Financial entities covered by DORA include:

  • Credit institutions
  • Payment institutions
  • Account information service providers
  • Electronic money institutions
  • Investment firms
  • Crypto-asset service providers and issuers of asset-referenced tokens
  • Central securities depositories
  • Central counterparties
  • Trading venues
  • Trade repositories
  • Managers of alternative investment funds
  • Management companies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
  • Institutions for occupational retirement provision
  • Credit rating agencies
  • Administrators of critical benchmarks
  • Crowdfunding service providers
  • Securitisation repositories

Why work with us?

Specialist knowledge

Our cyber security experts hold multiple vendor certifications and accreditations, as well as highly respected industry accreditations from CREST, PCI SSC, ISC2, BCI, the Chartered Institute of IT and NCSC CHECK.

Market leadership

We lead and shape the industry on advisory boards and councils, including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by various bodies, including the payment card industry, and are approved as a Qualified Security Assessor.

Wherever you are

Operating in more than 55 countries, with more than 250 dedicated cyber security specialists and more than 300 highly qualified information security auditors around the world, we can offer a local service with a globally consistent commitment to excellence.

Award winners

We have been recognised for the breadth and depth of our services, including the TEISS Award for Best Penetration Testing Service in 2024, the Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024, and the Stratus Award for Best Managed Cloud Security Service.