DORA is an EU Act intended to ensure that the financial sector in Europe can stay resilient through a severe operational disruption. It sets out technical standards for all financial service institutions, from banking and insurance to asset management.
Specifically, EU financial entities are required to have strong IT risk management capabilities and specific mechanisms for handling and reporting IT-related incidents. They should also have policies in place for testing IT applications and managing third-party risks. DORA holds companies responsible for the security of their apps and products; even parts that are taken from libraries are the company’s responsibility. The DORA requirements take into account each entity’s size, risk profile, and the nature of its services. Critical IT third-party service providers are subject to strict oversight by the European Supervisory Authorities.
DORA requirements entered into force on 16th January 2023, and financial entities will be expected to be compliant with DORA by 17th January 2025.
To be compliant with DORA, financial service providers, such as banks, must manage all components of operational resilience. Under DORA, they must also follow rules for the protection, detection, containment, recovery and repair capabilities against IT-related incidents.
Pradeo’s app suite provides all the tools needed to comply with DORA. The RASP solution detects risks and prevents attacks in real time, while the Mobile Application Security Testing solution ensures that the application is secure and compliant.