Information security standard
ISO 27001
DORA Digital Resilience of the European Union
DORA (Digital Operational Resilience Act) is a European Union regulation for financial organizations, such as banks, insurance companies and investment houses, that operate in the European Union or provide services to financial entities in the Union. The regulation came into force in January 2025 and requires financial organizations to meet technological and cyber resilience standards.
Who is bound by the regulations?
DORA applies to a wide range of financial entities, including:
Banks and credit institutions
Insurance and pension companies
Stock exchanges
Asset management companies and investment funds
Credit rating agencies
Entities providing payment services and trading and capital markets platforms
Financial technology (FinTech) service providers providing services to European institutions
Technology companies providing services to financial institutions – including cloud, cyber and IT infrastructure services – will also be subject to some of DORA’s requirements.
DORA Compliance Process
1. Mapping the organization's databases.
2. Preparing a gap survey comparing what exists in the organization with what is required by the regulations.
3. Building a work plan according to the gap survey.
4. Monitoring and assistance in correcting the gaps.
5. Implementing a business continuity plan: Establishing a framework for dealing with cyber incidents and incidents.
7. Preparation of procedures and policy documents.