DORA act assessment and implementation

Sii Sp. z o.o.

A secure cyber environment is crucial for organizations' health, competitive power, and protection against loss or corruption of the sensitive data they deal with on a daily basis.

DORA, the Digital Operational Resilience Act, is draft legislation designed to improve the cybersecurity and operational resiliency of the financial services sector. DORA requires rapid reporting of cybersecurity incidents, visibility into an organization's third-party dependencies, and the ability to respond to audit requests from regulators or customers. It will apply to over 22 000 financial entities and ICT suppliers operating in the EU. The regulation introduces new requirements for all financial market entities. We support our clients in embedding DORA requirements in their organizations.

To comply with the DORA act, organizations must consider implementing the following services:

• ICT Risk Management – To comply with the new Directive, organizations must take measures to minimize cyber risks. These measures include establishing processes to monitor, log, and classify ICT-related incidents, reporting incidents to relevant regulators, and publishing reports on ICT-related incidents to clients and users
• Digital Operational Resilience Testing – DORA requires companies to regularly test the operational resilience of their digital systems and processes
• Managing ICT Third-Party Risk – organizations must manage risks associated with third-party providers and implement robust governance policies and procedures
• Information-Sharing Arrangements – companies need to collaborate with other financial entities and regulators to share threat intelligence and incident details

Sii service covers:

• DORA compliance check and audit services
• Risk Management
• Incident response and reporting
• Threat detection and monitoring
• Cybersecurity Education and Awareness
• BCP planning
• Process tools
• Penetration tests

Sii provides services based on the following Microsoft products:

• Microsoft Defender solution (CSPM, XDR)
• Microsoft Purview Compliance Manager and Insider Risk
• Microsoft Sentinel
• Microsoft Entra and DevOps
• Microsoft Office 365 Phishing Simulation and Learning Paths
• Microsoft Azure Network Security