How to implement DORA?
9 simple steps with the support of RIG DORA
Act according to the plan that the DORA implementation tool will guide you through. RIG is your organisation’s DORA compliance and security management hub. It will organise your activities in 9 simple steps divided into stages, most of which you will do in the RIG itself.
See the many dimensions of compliance and risk in RIG
Explore coherent ICT risk management in compliance with DORA. Explore your organisation’s cybersecurity information in one tool, but from multiple angles – information security, business continuity, personal data.
Manage dynamically, assess, plan, analyse!
Pillars of the DORA Regulation
RIG DORA supports you in fulfilling each of the mandatory pillars of the regulation. You will achieve the 4 required areas in full with the tool and streamline the other 2.
FAQ
Do ICT incidents impact risk?
Yes, ICT incidents have a significant impact on an organisation's risk. A rising number of incidents signals a higher likelihood of further loss events, and each individual ICT incident, whatever its nature, can raise overall operational and strategic risk.
How do ICT incidents affect risk?
ICT incidents affect risk in several ways:
- Incidents can cause business interruptions that disrupt an organisation's daily operations. These interruptions can generate financial losses and affect the ability to meet obligations to customers.
- The loss or breach of personal data can lead to serious legal and financial consequences, including fines imposed by regulators for breaches of regulations such as the GDPR.
- ICT incidents can damage an organisation's reputation. Customers and partners may lose trust, which can lead to a loss of customers and a decline in brand value.
- Following an incident, organisations often incur significant costs for investigations, repairing systems and implementing new security measures, adding to the financial burden.
- ICT incidents can reveal previously unknown security vulnerabilities, which increase future risk if the organisation does not take appropriate action to remediate them.
Consequently, identifying and managing the risks associated with ICT incidents is a key element of any organisation’s security strategy.
How to include vulnerabilities in risk assessment?
In RIG DORA and in RIG NIS, you can include vulnerabilities in your risk assessments by connecting to penetration testing tools via API, so that identified vulnerabilities are imported and linked to the affected assets rather than re-entered by hand.
Which method of risk assessment is compliant with the DORA regulation?
DORA does not prescribe one specific risk assessment methodology, but requires it to focus on the value and criticality of the assets held and on the impact of their loss on business functions. RIG DORA operates within the RED INTO GREEN application, whose Asset Based Approach risk assessment methodology is compliant with DORA, as well as with the GDPR and NIS2.
Does the RIG DORA Module have special functionalities related to the implementation of the DORA regulation?
Yes. The DORA regulation requires risk assessments in the information security (IS) and business continuity (BC) domains, so the RIG DORA module provides functionality to select the domain, allowing risk assessments to be carried out separately in the IS and BC domains.
DORA requires the maintenance of a register of information on contracts with ICT providers and this functionality of the RIG DORA module will be available from September 2024.
When implementing the DORA regulation, should risk knowledge be made available to all involved?
Access to up-to-date risk knowledge is key to ensuring an organisation's security. Tools that provide a view of the organisation in terms of its assets, processes, vulnerabilities and security measures are helpful here. The RIG DORA Module gives an overview of all this information at both general and detailed levels and allows all analyses, plans and reports to be updated automatically.
Do ICT providers need to have a different approach to implementing DORA than financial entities?
ICT providers must consider GDPR compliance and must be prepared to complete the surveys sent to them by financial institutions. ICT providers do not need to create a register of their own sub-suppliers, but ICT providers supporting critical or important functions must be able to provide information about their suppliers and sub-suppliers.
What if you need to prepare for a re-audit in future years and take care of the data update requirements?
When data needs to be updated, working manually means checking all assets, processes, vulnerabilities and security measures each time. With RIG DORA, all you have to do is generate a report and use it to check the current state; there is no need to map the organisation from scratch. Once you have verified the changes, simply enter them into the system and generate a new report.
Does the RIG DORA Module meet specific local requirements?
Depending on the market, we provide detailed information on request.