The Continuous Process of DORA Compliance

Act according to the plan to continuously align changes within the organization with the regulation.

How to maintain DORA compliance?
7 simple steps with RIG DORA support

Follow the plan that the DORA implementation tool will guide you through. Take advantage of our know-how, proven with our clients, which will organize your activities into 7 steps, most of which you will complete within RIG DORA itself — your compliance and security management hub.

Risk assessment and risk treatment planning

In RIG, you analyze, assess, and plan in an automated way. You perform an ICT risk assessment within the financial institution and prepare a risk treatment plan — thanks to this, you know how to proceed with the DORA implementation and begin the Deming PDCA cycle.

Surveys and agreements with ICT vendors

RIG sends ready-made surveys to vendors. In parallel with risk assessment, you can begin collecting surveys from vendors and reviewing agreements with ICT vendors.

Register of information on agreements with ICT vendors

In RIG, you register every document. In this step, you prepare draft amendments to agreements and negotiate them.

Implementation of risk treatment plans

In RIG NIS, you prepare a register of vendor information for reporting to CSIRT.

Plan execution

After preparing the plans, you now move on to their execution, including the implementation of appropriate safeguards, conducting relevant pen tests, and training.

Documentation

In the RIG NIS archive, you create documentation. Thanks to the previously prepared plans, you have a strategy and plans tailored to the organization’s needs, which enables their effective implementation.

Gap analysis

You verify compliance based on the established processes, i.e. the implementation of recurring tasks arising from the requirements of the NIS2 directive.

One product — all DORA areas

RIG DORA supports you in fulfilling each of the regulation’s mandatory pillars. Within the tool, you will fully cover 4 areas of responsibility and streamline the remaining 3.

Reporting in accordance with the DORA regulation in the RIG DORA application

RED INTO GREEN enables the fulfillment of all KNF reporting requirements and also supports management reporting to streamline the maintenance of compliance with the DORA regulation.

Register of information on ICT service providers

Contains data on all ICT vendors supporting critical or important functions. Reports: SPR-PF-19 and SPR-PF-20 — concerning planned contractual arrangements with ICT vendors.

Incident register

Reporting major ICT-related incidents and significant cyber threats. Reports: SPR-PF-07, SPR-PF-08, SPR-PF-09, SPR-PF-10 — covering initial, intermediate, and final incident reports.

Internal audit

Documentation of ICT business continuity test results. Copies of digital resilience test results.

External audit

Documentation for the purposes of supervision, investigations, and inspections. Reports: SPR-PF-23 and SPR-PF-24 — submitted as part of ongoing supervision and inspection.

Reporting to the management board

Regular reports on the state of ICT risk, DORA compliance, incident status, and remediation actions. Tailor them to the decision-making needs of the management board. Use dashboards to fulfill the personal responsibility of management board members for DORA compliance.

Product

RIG DORA

If you want to learn about the product or the details of maintaining compliance, or if you have other questions, sign up!

See compliance work with DORA in the RED INTO GREEN tool

Discover consistent ICT risk management in line with DORA. Explore your organization’s cybersecurity information in a single tool, but from multiple angles — information security, business continuity, personal data. Manage dynamically, assess, plan, analyze!

How will you implement and maintain compliance with the RIG DORA tool?

RIG DORA supports you in fulfilling each of the regulation’s mandatory pillars. Within the tool, you will fully cover 4 areas of responsibility and streamline the remaining 2.

ICT risk management

In RIG, you perform all activities with the help of automation:

  • Process mapping
  • Asset inventory
  • Risk assessment and analysis
  • Risk treatment

ICT vendors

Use the ready-made surveys and registers to carry out tasks:

  • ICT vendor qualification
  • ICT vendor register
  • ICT vendor risk assessment

Major incident reporting

Use the ready-made registers and carry out activities such as:

  • Incident logging
  • Classification
  • Reporting (in RIG, this is automated)

Information sharing

Share information and provide evidence of fulfilling this obligation in RIG.

  • Risk management training in RIG once a month for all users, live online, with permanent access to recordings of past sessions.
  • Q&A for users.

Digital operational resilience testing

Thanks to RIG’s integration with resilience testing tools, you combine resilience test data with vulnerability data. In this way, you fulfill the obligations to perform:

  • Penetration tests
  • Vulnerability scans

You gain detailed risk measurement.

DORA reporting before the KNF

  • Full register of information on ICT vendors — report SPR-PF-18
  • Report on planned contractual arrangements covering the use of ICT services supporting critical or important functions — SPR-PF-26
  • Annual report on Key Risk Indicators for the ICT area — SPR-PF-20

Risk management framework

Develop a contracts register in the dedicated area within RIG. Additionally, the RIG document archive can store:

  • Digital resilience strategy
  • Strategy regarding risk from third-party ICT vendors
  • All policies and procedures

Take advantage of the free implementation materials that will help you get started.

See how each of the DORA pillars can be managed in RIG DORA