The Digital Operations Resilience Act (DORA) was published on 27 December 2022. It includes a Directive and a Regulation on Information and Communication Technology (ICT) operations for the financial sector that are already in force and will apply in full from 17 January 2025.
DORA applies to a wide range of financial entities regulated by CSSF in Luxembourg and sets requirements on:
ICT risk management;
ICT-related incident management and reporting;
ICT operational resilience testing;
ICT third-party service classification, assessment and reporting.
After 17 January 2025 financial institutions that fail to comply may face penalties:
Noncompliant financial entities can be fined up to 1% of average daily worldwide turnover in the preceding fiscal year. This fine can be levied every day until the financial entity achieves compliance;
Entities found to be in violation of DORA requirements may face fines of up to 2% of total annual worldwide turnover or a maximum fine of EUR 1,000,000 in the case of authority of the financial entity.
With less than seven months remaining before the deadline, we recommend starting as soon as possible to ensure your organization has ample time to complete all necessary preparations without rushing in the last month of the year.
Why is MAQIT the right partner?
MAQIT S.A. has 8 years of experience in IT Compliance Advisory. We have successfully completed a large number of engagements within the Fin-Tech and the traditional financial sectors.
MAQIT has developed and uses its own IT regulation compliance framework, which includes:
Controls aligned to the most common frameworks such as COBIT and ISO 27001 methodology and a vast database of IT regulatory requirements;
Dozens of templates, questionnaires and workflows.
The requirements set out in DORA show many similarities to those of CSSF Circulars 22/806 and 20/750, which we have been helping our clients with in recent years. When DORA was published 6 months ago, we adapted our framework to help clients meet the new requirements.
DORA covers all digital and data services provided on an ongoing basis, not only ICT services that qualify as outsourcing. Our ICT Control Framework therefore now focuses more on ICT Security Risk Management and Incident Management, and not only on ICT Outsourcing Management.
What will you get?
With the MAQIT DORA Methodology and an efficient and proven implementation approach accelerated by the MAQIT Control Framework we will assist your company in achieving the following key objectives:
By the end of 2024: to become compliant with the DORA-related regulatory requirements;
In a mid-term perspective: to gain advantages from remaining DORA compliant.
MAQIT will help your company to:
Find gaps in your policies and procedures regarding DORA requirements with our DORA Adoption Framework.
Get templates for documents that are missing and changes to your policies and procedures that are not compliant with DORA.
Select and implement technology and tools that make it possible to implement the controls in the field.
Obtain access to a highly specialized workforce from MAQIT that enables you to implement the controls in the field.