top of page
AdobeStock_301701829_edited_edited_edited_edited_edited_edited.jpg

DORA FAQ

Przedstawiamy ustawę o cyfrowej odporności operacyjnej (DORA), kluczowe rozporządzenie UE mające na celu przekształcenie sektora finansowego. Zdobądź cenne informacje na temat celów, kluczowych wymagań i harmonogramu wdrożenia, jednocześnie rozumiejąc implikacje dla instytucji, których to dotyczy. Poznaj rolę organów nadzorczych, związek DORA z RODO i przygotuj się na zgodność, korzystając z naszego podsumowania ekspertów, listy kontrolnej i kluczowych punktów skupionych na danych. Poszerz swoją wiedzę i zapewnij gotowość dzięki naszemu obszernemu przewodnikowi.

  • ISO 22301 - Business Continuity Management System
    ISO 22301 is an international standard for Business Continuity Management. Its goal is to help organizations identify, prevent and quickly recover from disruptions. This standard emphasizes planning and preparation for various crisis scenarios, such as technical failures and natural disasters. ISO 22301 requires systematic monitoring and testing of continuity plans to ensure that organizations are ready for various emergency situations. Implementing this standard helps companies maintain operational stability, protect customer interests and minimize potential losses in the event of incidents.
  • ISO/IEC 27001 - Information Security Management System
    ISO 27001 is an international standard for information security management in organizations. The purpose of the standard is to establish a management system that effectively protects information against unauthorized access, modification or destruction. ISO 27001 requires the identification of all information security risks and the introduction of preventive measures to minimize them. It emphasizes the need to constantly monitor, evaluate and improve the information security management system to be resistant to new threats. Implementing ISO 27001 helps organizations build customer trust by effectively securing information, which is crucial in today's digital environment.
  • ISO 19011:2018 - Guidelines for conducting management system audits
    ISO 19011:2018 is an international standard defining the principles and guidelines for conducting management system audits. This standard is intended to provide general guidance for management audits, covering both internal and external audits. ISO 19011 emphasizes audit planning and management, covering aspects of selecting auditors, preparing for the audit, and assessing the effectiveness of the management system. This standard is universally applicable and can be applied to various management standards such as ISO 9001, ISO 14001 or ISO 27001.
  • ISO 31000 - Risk Management - rules and guidelines
    ISO 31000 is an international standard for Risk Management in organizations. Its main goal is to provide a reference framework for identifying, assessing and managing risks at all levels of the enterprise. This standard emphasizes the importance of a systemic approach to risk management, covering all aspects of an organization's activities. ISO 31000 focuses on continuous improvement of processes related to identifying, assessing, and responding to risks, which helps organizations better make strategic decisions. The implementation of this standard allows companies to flexibly and effectively adapt to changing market conditions and minimize uncertainty related to their operations. The standard also supports risk management for individual management systems specified in the following standards: ISO 9001, ISO 14001, ISO 45001, ISO /IEC 27001, ISO 23301, IATF 16949, ISO 22000, ISO 17025 and others.
  • Ciągłe Innowacje
    Zależy nam na dostarczaniu najlepszych w swojej klasie rozwiązań programowych każdemu z naszych klientów i stale inwestujemy w rozwój oprogramowania. Dzięki temu nasi klienci zawsze pracują z najnowocześniejszymi, nowoczesnymi rozwiązaniami o najwyższej jakości możliwościach, zgodnymi z najnowszymi trendami technologicznymi.
  • Wyeliminuj silosy i zwiększ wpływ na biznes
    Dostosowanie strategiczne jest kamieniem węgielnym dobrego zarządzania. BCMLogic One umożliwia organizacjom łączenie warstw strategicznych, taktycznych i operacyjnych ich działalności, eliminowanie silosów i osiąganie wyników biznesowych jako połączone przedsiębiorstwo. Kliknij tutaj, aby dowiedzieć się więcej o BCMLogic One Way.
  • Jakie rozwiązania oferuje BCMLogic One?
    BCMLogic One oferuje zintegrowane rozwiązania programowe do zarządzania zarządzaniem, wydajnością, ryzykiem i zgodnością. Do naszych najpopularniejszych rozwiązań należą Zarządzanie Wydajnością, Zarządzanie Ryzykiem Przedsiębiorstwa, Zarządzanie Strategią, Zrównoważona Karta Wyników i Zarządzanie Zgodnością. Wszystkie rozwiązania BCMLogic One można bezproblemowo integrować ze sobą lub używać niezależnie jako specjalnie zaprojektowane rozwiązania punktowe. Kliknij tutaj, aby odkryć rozwiązania BCMLogic One
  • Wiodące w branży zabezpieczenia
    Twoje bezpieczeństwo jest naszym najwyższym priorytetem. Platforma zarządzania biznesem BCMLogic One została stworzona, aby spełniać wymagania korporacyjne dotyczące bezpieczeństwa, zgodności i prywatności naszych klientów z branż podlegających ścisłym regulacjom, takich jak usługi finansowe, rząd, ropa i gaz, opieka zdrowotna, produkcja, telekomunikacja i inne. BCMLogic One jest zweryfikowany przez Veracode i przechodzi regularne audyty zgodności, aby zapewnić spełnienie wymagań klientów i organów regulacyjnych. BCMLogic One SaaS posiada certyfikat ISO 27001 i jest zgodny z RODO.
  • Szybkie Wdrożenie
    Wstań i działaj szybko. Nie ma potrzeby kodowania. Nie ma potrzeby czekać. Szybko rozpocznij pracę dzięki naszej sprawdzonej metodologii wdrażania. Wszystkie rozwiązania BCMLogic One są zbudowane jako akceleratory – wstępnie skonfigurowane rozwiązania – co pozwala zaoszczędzić zasoby i rozpocząć pracę w ciągu tygodni, a nie miesięcy. Wybierz wdrożenie odpowiadające Twoim potrzebom: SaaS, lokalnie lub w chmurze prywatnej.
  • Zaawansowana Integracja Danych
    Uzyskaj pełny obraz sytuacji, integrując dane z wielu różnych źródeł w jedno źródło prawdy. BCMLogic One BMP zawiera solidny transformator ETL stworzony do łączenia, przetwarzania i formatowania dużych ilości ustrukturyzowanych i nieustrukturyzowanych danych z różnych źródeł, co pozwala zobaczyć pełny obraz Twojej firmy. BCMLogic One obsługuje integrację z szerokiej gamy źródeł, w tym Excel, CSV, SQL, MDX, Web-Services, SFTP i innych, w tym obsługuje sterowniki JDBC innych firm.
  • Nieograniczona Skalowalność
    Skaluj bez zwalniania. Rozwiązania BCMLogic One są skalowalne i umożliwiają szybką rozbudowę, dzięki czemu organizacje mogą korzystać z jednego narzędzia w całej swojej działalności i funkcjonować jako połączone przedsiębiorstwo.
  • Twoje rozwiązanie, Twój sposób
    W BCMLogic One zdajemy sobie sprawę, że nie ma dwóch takich samych organizacji, dlatego stworzyliśmy BCMLogic One jako wysoce konfigurowalne oprogramowanie, które pozwala organizacjom odzwierciedlać ich struktury organizacyjne, procesy i przepływy pracy oraz wprowadzać ciągłe dostosowania rozwiązania w miarę ewolucji ich potrzeb biznesowych . Słuchamy naszych klientów i współpracujemy z nimi, aby zrozumieć ich cele i zadania, a także zapewniamy każdemu z nich rozwiązanie, które najlepiej pasuje do jego specyficznych wymagań i modelu biznesowego dzisiaj i w przyszłości.
  • Czym jest BCMLogic One?
    BCMLogic One Business Management Platform (BMP) to solidne oprogramowanie klasy korporacyjnej umożliwiające całościowe zarządzanie zarządzaniem, wydajnością, ryzykiem i zgodnością. Rozwiązania BCMLogic One najlepiej nadają się dla średnich i dużych organizacji, które chcą zarządzać całym swoim biznesem za pomocą jednego narzędzia cyfrowego. BCMLogic One umożliwia swoim klientom utworzenie cyfrowego bliźniaka organizacji, digitalizację i automatyzację procesów oraz osiąganie wyników biznesowych jako połączone przedsiębiorstwo. Wszystkie rozwiązania zbudowane na bazie BCMLogic One BMP można bezproblemowo integrować ze sobą lub używać niezależnie jako specjalnie zaprojektowane rozwiązania punktowe.
  • Światowej Klasy Obsługa Klienta
    Jesteśmy tu dla Ciebie. Jesteśmy dumni, że możemy zapewnić naszym klientom i partnerom wsparcie na najwyższym poziomie. Po uruchomieniu Twojego rozwiązania pozostajemy zaufanym partnerem i zapewniamy ciągłe wsparcie i wskazówki dla Twoich zespołów na przyszłość.
  • Elastyczna Konfiguracja
    Zrób to po swojemu. Platforma BCMLogic One oferuje więcej możliwości konfiguracji niż jakiekolwiek inne oprogramowanie na rynku. Każde rozwiązanie BCMLogic One można precyzyjnie skonfigurować zgodnie z konkretnymi wymaganiami i stale modyfikować w miarę ewolucji potrzeb Twojej organizacji. Dzięki BCMLogic One nigdy nie utkniesz, nigdy nie będziesz zamknięty.
  • Gotowe Rozwiązania
    Zarządzaj tym, co dla Ciebie ważne. Odkryj specjalnie zaprojektowane rozwiązania BCMLogic One, wstępnie skonfigurowane z najlepszymi praktykami branżowymi, procesami i przepływami pracy. Zarządzaj jednym lub wszystkimi aspektami swojej firmy. Zarządzanie, wyniki, ryzyko, zgodność, zasady, standardy, audyty i inne.
  • Dlaczego warto wybrać BCMLogic One?
    Platforma zarządzania biznesem BCMLogic One zapewnia elastyczność, bezpieczeństwo i funkcje potrzebne do spełnienia wymagań współczesnych nowoczesnych organizacji.
  • Kiedy powstała firma BCMLogic One?
    Firma BCMLogic One została założona w 2000 roku w Stavanger w Norwegii. Kliknij tutaj, aby dowiedzieć się więcej o historii BCMLogic One.
  • DORA Summary for CIOs and CISOs
    DORA regulation is a crucial legislation impacting the management of operational risks, including cyber threats and data breaches, for organizations. Here’s a summary of the essential points to understand about DORA: Scope: DORA applies to all financial institutions in the European Union, such as banks, insurance companies, and investment firms. Objectives: The regulation aims to guarantee the operational resilience of financial institutions by requiring them to identify and manage operational risks and adopt measures to prevent and mitigate cyber threats and data breaches. Requirements: DORA mandates financial institutions to conduct regular risk assessments, develop business continuity plans, and test their IT systems and processes to ensure resilience against cyber threats and other operational risks. Additionally, institutions must protect customer data and adhere to data protection regulations. Supervision: National competent authorities and the European Banking Authority (EBA) will oversee and enforce compliance with the regulation, which may include on-site inspections, issuing guidance, and imposing penalties for non-compliance. Penalties: Non-compliant financial institutions may face fines up to 10 million euros or 5% of their total annual turnover. As a CISO or CIO, it is crucial to ensure your organization implements appropriate measures to comply with DORA. This may involve reviewing and updating your risk management framework, regularly testing and assessing your IT systems and processes, and ensuring compliance with data protection regulations. Staying up to date with guidance and best practices issued by supervisory authorities is also essential to ensure your organization meets its obligations under the regulation.
  • What role will supervisory authorities play in enforcing the DORA regulation?
    Supervisory authorities hold a vital role in the enforcement of DORA regulation. The regulation suggests that these authorities, including national competent authorities and the European Banking Authority (EBA), will oversee and ensure compliance with the regulation’s requirements. Key responsibilities of supervisory authorities encompass: Evaluating operational resilience: Authorities will assess the operational resilience of financial institutions in their jurisdiction, which involves examining operational resilience plans, mapping and testing critical business services, IT systems, processes, and reviewing outsourcing arrangements. Performing on-site inspections: Authorities may carry out on-site inspections at financial institutions to confirm compliance with the regulation’s requirements. Inspections can target specific risk areas or encompass the entire organization. Enforcing penalties: Authorities have the power to impose penalties on financial institutions that fail to meet the regulation’s requirements. Penalties can range from administrative fines, remedial actions, public reprimands, to withdrawal of authorization. Providing guidance: Authorities may offer guidance and best practices to support financial institutions in complying with the regulation’s requirements. This guidance may cover risk management, cybersecurity, business continuity planning, and other aspects of operational resilience. Fostering coordination: DORA regulation highlights the importance of coordination and cooperation among supervisory authorities at national and European levels. Authorities will be accountable for promoting this coordination, ensuring that financial institutions adhere to consistent and harmonized supervisory practices throughout the EU.
  • When will the DORA regulation come into effect?
    The DORA regulation is set to come into effect on the 17th of January 2025. This date marks a key milestone for financial institutions, as they will need to comply with the new requirements outlined in the legislation. As we approach the implementation date, it’s essential for financial institutions to familiarize themselves with the DORA regulation and take the necessary steps to ensure compliance. With the regulation coming into effect on January 17th, 2025, now is the time for financial institutions to prepare and adapt to these new requirements.
  • How does the DORA regulation relate to other EU regulations, such as GDPR?
    The Digital Operational Resilience Act (DORA) regulation and the General Data Protection Regulation (GDPR) are distinct regulations addressing various aspects of data protection and cybersecurity within the European Union. Nevertheless, there are crucial ways in which these two regulations intersect. First, both DORA and GDPR emphasize the protection of personal data and the assurance of its confidentiality, integrity, and availability. While DORA primarily targets the operational resilience of financial institutions, it also mandates these institutions to safeguard customer data and adhere to data protection regulations. Second, DORA and GDPR require financial institutions to perform risk assessments and implement suitable risk management measures to defend against cyber threats and data breaches. DORA sets specific requirements for financial institutions to identify and mitigate operational risks, while GDPR obliges organizations to evaluate risks to personal data and apply appropriate technical and organizational measures to protect it. Lastly, DORA and GDPR impose substantial penalties for non-compliance. Financial institutions failing to meet DORA requirements may face fines up to 10 million euros or 5% of their total annual turnover. Meanwhile, GDPR can impose fines up to 20 million euros or 4% of the total annual global turnover, whichever is higher. Financial institutions subject to both regulations must carefully examine their obligations under each regulation and ensure the implementation of appropriate measures to comply with both regulations.
  • DORA Compliance Checklist
    Here is a checklist of of essential areas to consider for ensuring compliance with DORA: Risk management: Perform regular risk assessments to identify and manage operational risks. Establish a risk management framework comprising policies, procedures, and controls to mitigate identified risks. Business continuity planning: Create and maintain a comprehensive business continuity plan detailing your organization’s response to operational disruptions, including cyber threats and data breaches. IT and security testing: Test your IT systems and security controls regularly to ensure resilience against cyber threats and other operational risks. This may involve penetration testing, vulnerability assessments, and IT system audits. Incident management: Develop and maintain an incident management plan outlining your organization’s response to operational incidents, including cyber threats and data breaches. Regularly test and update incident response procedures. Data protection: Safeguard customer data and adhere to data protection regulations, such as the General Data Protection Regulation (GDPR). Implement appropriate technical and organizational measures to protect personal data and conduct regular audits to ensure compliance. Outsourcing: Subject third-party service providers and vendors to proper oversight and due diligence processes. Consider incorporating contractual provisions requiring third parties to comply with DORA regulation requirements. Reporting: Establish and maintain suitable reporting mechanisms to inform your organization’s management and supervisory authorities of significant operational incidents and risks. Compliance monitoring: Monitor compliance with DORA requirements regularly, including self-assessments, internal audits, and risk assessments. By addressing these key areas, your organization can take steps to ensure compliance with DORA and promote operational resilience.
  • What are the penalties for non-compliance with the DORA regulation?
    Financial institutions may face various consequences for failing to comply with the regulation, such as: Administrative fines: Financial institutions can be fined up to 10 million euros or 5% of their total annual turnover, whichever is higher, for serious infringements of the regulation. Remedial measures: Supervisory authorities may require financial institutions to take remedial measures to address any weaknesses or failures in their operational resilience. Public reprimands: Supervisory authorities may publicly reprimand financial institutions that fail to comply with the requirements of the regulation. Withdrawal of authorization: Supervisory authorities may withdraw the authorization of financial institutions that repeatedly fail to comply with the requirements of the regulation. Compensation for damages: Financial institutions may be required to compensate customers or third parties for any damages resulting from a failure to comply with the requirements of the regulation. It is important to note that the exact penalties for non-compliance may vary depending on the specific circumstances and the severity of the infringement.
  • What is DORA, Digital Operational Resilience Act?
    The European Commission has issued the Digital Operational Resilience Act (DORA) with the aim of enhancing the operational resilience of the European Union’s financial sector. DORA is structured around three fundamental principles: IT and Cybersecurity Risk Management: Financial institutions would be mandated to identify, assess, and manage their IT and cybersecurity risks. The regulation would necessitate institutions to establish policies and procedures that safeguard their systems and data from cyber threats. Business Continuity Management: Financial institutions would be obligated to develop comprehensive business continuity plans, ensuring their ability to provide services to clients during operational disruptions. This encompasses the implementation of backup systems, alternative communication channels, and disaster recovery plans. Supervision and Oversight: The regulation would introduce a framework for supervisory and oversight authorities to monitor and evaluate the operational resilience of financial institutions. This includes granting supervisory authorities the authority to conduct inspections, request information, and impose sanctions when necessary. DORA is designed to fortify the EU’s financial sector by guaranteeing that financial institutions possess the essential processes, systems, and controls to withstand and respond to operational disruptions effectively.
  • Who will be affected by the DORA regulation?
    The Digital Operational Resilience Act regulation will be applicable to all financial institutions operating within the European Union (EU), encompassing banks, investment firms, trading platforms, central counterparties, and other financial market infrastructures. The standard specifically mentions the following: “…The regulation covers a range of financial entities regulated at Union level namely credit institutions, payment institutions, electronic money institutions, investment firms, crypto-asset service providers, central securities depositories, central counterparties, trading venues, trade repositories, managers of alternative investment funds and management companies, data reporting service providers, insurance and reinsurance undertakings, insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries, institutions for occupational retirement pensions, credit rating agencies, statutory auditors and audit firms, administrators of critical benchmarks and crowdfunding service providers”. The regulation specifically states that it applies to all financial institutions, irrespective of their size or complexity. In conclusion, the DORA regulation will impact all financial institutions operating within the EU.
  • Information Rights Management (IRM) tool helping to comply with DORA
    An Information Rights Management (IRM) tool can help your company comply with several sections of the Digital Operational Resilience Act (DORA) regulation, including: Risk management: An IRM tool can help your organization identify and manage operational risks associated with the protection of sensitive information. The tool can provide you with visibility into who has access to sensitive data, how it is being used, and whether there are any vulnerabilities in the data protection measures you have in place. Data protection: The tool can help you classify and label sensitive data, enforce access controls, and track data usage to ensure compliance with regulatory requirements. Incident management: An IRM tool can help your organization respond to operational incidents, including data breaches. The tool can provide you with real-time alerts when unauthorized access attempts occur, allowing you to take immediate action to mitigate the risk of a data breach. Outsourcing: An IRM tool can help your organization ensure that third-party service providers and vendors are subject to appropriate oversight and due diligence processes. The tool can help you enforce data protection requirements and ensure that third parties are complying with the requirements of the DORA regulation. Reporting: An IRM tool can provide you with detailed reports on data usage, access controls, and compliance with regulatory requirements. This can help you meet reporting obligations under the DORA regulation and provide supervisory authorities with the information they need to monitor compliance.
  • How will the DORA regulation impact financial institutions?
    DORA is expected to significantly affect financial institutions operating within the European Union (EU). Here are some ways the regulation is likely to influence these institutions: Increased compliance costs: Financial institutions will need to invest in additional resources, processes, and systems to comply with the new requirements outlined in the regulation, potentially leading to increased compliance costs. Increased regulatory oversight: The regulation grants supervisory authorities heightened powers to monitor and assess the operational resilience of financial institutions, resulting in increased regulatory oversight and potentially more frequent and rigorous regulatory examinations. Changes in business practices: Financial institutions may need to modify their business practices to comply with the new requirements outlined in the regulation. For instance, they may need to review and update their outsourcing arrangements, enhance their cybersecurity measures, and improve their business continuity plans. Greater emphasis on risk management: The regulation emphasizes risk management and mandates financial institutions to establish a robust risk management framework, requiring the development and implementation of more rigorous risk management processes and procedures. Improved operational resilience: Ultimately, the regulation aims to improve the operational resilience of financial institutions. By complying with the requirements, financial institutions will be better prepared to withstand and respond to operational disruptions, such as cyberattacks, IT failures, and other threats. While the DORA regulation may pose challenges for financial institutions, it is also expected to result in improved operational resilience, ultimately benefiting both the institutions and their customers.
  • What are the key requirements of the DORA regulation?
    The European Commission’s issued regulation outlines several crucial requirements that financial institutions operating within the EU must adhere to. These requirements encompass: Mapping and testing: Financial institutions must map and test their critical business services, processes, and IT systems to identify and manage operational risks. Outsourcing: Financial institutions must implement adequate measures to manage risks associated with outsourcing critical functions or services. Incident reporting: Financial institutions must report incidents that significantly impact the continuity of their services or pose a threat to the financial system. Cybersecurity: Financial institutions must adopt appropriate and effective cybersecurity measures to prevent cyber threats and data breaches. Risk management: Financial institutions must establish a robust risk management framework, fully integrated into their overall business strategy. Governance and oversight: Financial institutions must maintain clear lines of responsibility and accountability for operational resilience, with the board of directors responsible for overseeing the institution’s operational resilience. Business continuity planning: Financial institutions must develop comprehensive and effective business continuity plans to ensure the continuity of their critical business services in the event of a disruption. Testing and training: Financial institutions must regularly test and update their operational resilience plans and provide training to staff, ensuring preparedness to respond to operational disruptions.
  • What are the main objectives of the DORA regulation?
    The main objectives of (DORA) regulation are 4: Enhancing the EU’s Financial Sector Operational Resilience: The regulation strives to guarantee that financial institutions possess robust processes and systems to withstand and respond to operational disruptions such as cyberattacks, IT failures, and other threats. Augmenting Customer Data Protection: The regulation mandates financial institutions to implement effective cybersecurity measures to safeguard customer data and avert data breaches. Establishing a Level Playing Field across the EU: The regulation introduces a uniform set of standards and requirements for operational resilience, ensuring that all financial institutions operating within the EU adhere to the same standards. Reinforcing the Role of Supervisory Authorities: The regulation endows supervisory authorities with enhanced powers to monitor and evaluate the operational resilience of financial institutions, and take necessary actions to address any weaknesses or failures.
  • DORA Key Points Related to Data
    The DORA regulation emphasizes data management and protection, recognizing the critical role data plays in the operational resilience of the financial sector. The regulation includes several key points related to data, as follows: Data management: Financial institutions must establish robust data management frameworks to ensure the accuracy, completeness, and integrity of their data. This includes creating data governance structures, data quality assurance processes, and data lineage documentation. Data sharing: Financial institutions need appropriate mechanisms for sharing data with competent authorities, including the European Banking Authority (EBA), national supervisory authorities, and other necessary third parties. Outsourcing of data-related activities: Financial institutions must ensure that their outsourcing arrangements for data-related activities do not compromise the operational resilience of the institution. This includes guaranteeing that outsourcing arrangements do not result in a loss of control over data and that adequate oversight mechanisms are in place. Cybersecurity: Financial institutions are required to implement effective cybersecurity measures to protect their data from cyber threats. This includes adopting measures such as access controls, encryption, and incident response plans. Reporting requirements: Financial institutions must report significant incidents affecting their data and IT systems to competent authorities, including the EBA, within strict timeframes.
bottom of page