Skip content

Digital Operational Resilience Act - DORA Compliance

Compliance with the Digital Operational Resilience Act (DORA) is mandatory from January 2025. LRQA ensures you meet all regulatory requirements

LRQA is uniquely placed as a full-service provider for achieving DORA compliance

The Digital Operational Resilience Act (DORA) is a landmark EU regulation that means financial organisations must ensure they can prevent and mitigate cyber threats and withstand, respond to, and recover from all types of information communication technology (ICT) disruptions.

The DORA Regulation marks a shift in emphasis from solely ensuring an organisation’s financial stability to guaranteeing its ability to maintain resilient operations. Organisations may now need to develop new operational resilience capabilities that must be tested and fully commit to an ongoing mandate to enhance their cybersecurity maturity  

  Award-winning expertise

Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.  

  Benefits of our DORA Compliance Services

 

LRQA is uniquely placed as a full-service provider for achieving DORA compliance. When you partner with LRQA, you gain access to a team of highly skilled and experienced cyber threat intelligence (CTI) analysts, governance risk and compliance consultants, and cyber incident response experts.

This combination empowers us to provide you with advanced insights and actionable intelligence, enabling proactive identification, mitigation of cyber threats, and measures to meet compliance objectives.

Our experts cover every part of the testing process for DORA.

We are your full-service provider for achieving DORA compliance.

Advisory and compliance consulting

We provide consultancy-led expert guidance on aligning cybersecurity practices with DORA requirements. We work with you to create, develop, and implement policies and procedures.

Managed detection and response

We partner with you to achieve 24/7 monitoring and response services using leading industry technology capabilities to swiftly identify and mitigate cyber threats.

Resilience testing

We provide penetration testing to identify vulnerabilities in financial systems and applications. You receive detailed reports with actionable recommendations for remediation.

Incident response

We deliver an expert service as an assured NCSC level 2 cyber incident response provider. We offer cyber incident response services designed to aid your organisation’s preparedness in the event of a serious cyber incident.

  Everything you need to know about DORA

  Download our DORA guide  

The five pillars of DORA

Risk management

Identify, assess, mitigate and maintain resilient operations in the face of severe disruptions.

Incident management, classification and reporting

Implement early-warning systems to detect and manage cyber incidents and report them promptly. This requires a dedicated SOC security operations centre.

Digital operational resilience testing

Maintain risk-centric and independent testing programmes such as red teaming, purple teaming and advanced penetration testing against regulatory frameworks such as TIBER EU.

Third-party risk management

Include and manage ICT risks from third parties within ICT management frameworks.

Information sharing

Participate in the exchange of valuable cyber security threat and intelligence information among critical entities.

Why work with us?

Specialist expertise

Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.

Industry leadership

We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.

Everywhere you are

Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Image of two cyber security experts chatting in an office

Award winners

We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

Image of LRQA cyber security team winning at the teiss 2024 awards

  Watch our on-demand DORA webinar

  Watch our DORA webinar  

 

 

How is DORA regulated?

Specific authorities (known as competent authorities) in each member nation are responsible along with the European Banking Authority (EBA).

Organisations must prepare for the increased regulatory engagement powers that DORA will give to both national and EU-level supervisors. Instead of merely viewing this as a compliance task, organisations may need to develop new operational resilience capabilities, that must be tested and proven to work, and fully commit to an ongoing mandate to enhance their cyber security maturity.

 

What organisations does DORA apply to?

DORA encompasses over 22,000 financial entities and ICT service providers operating within the EU, along with the ICT infrastructure supporting them from outside the EU. The regulation establishes detailed and stringent requirements applicable to all participants in the financial market.

 

Financial entities covered by DORA include:

  • Credit institutions
  • Payment institutions
  • Account information service providers
  • Electronic money institutions
  • Investment firms
  • Crypto-asset service providers and issuers of asset-referenced tokens
  • Central securities depositories
  • Central counterparties
  • Trading venues
  • Trade repositories
  • Managers of alternative investment funds
  • Management companies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries, reinsurance intermediaries and
  • ancillary insurance intermediaries
  • Institutions for occupational retirement provision
  • Credit rating agencies
  • Administrators of critical benchmarks
  • Crowdfunding service providers
  • Securitisation repositories

Latest news, insights and upcoming events