Intelligent Fin.tech Issue 28 | Page 36

a ‘critical or important function’ is defined as a function whose disruption would significantly harm the financial performance of a financial organisation. These are the functions and processes that cause the organisation’s operations to stop if disrupted. Examples include the processing of payments, the administration of transactions and records and the payment of benefits. If a critical or important function is involved, additional requirements apply to the agreement.

On an operational level, DORA focuses on a range of key requirements. Starting with risk and incident management, IT suppliers must carry out risk assessments, implement mitigation strategies and focus on resilience. They are also obliged to track, manage and report IT incidents using automated reporting where possible. Given DORA’s heavy focus on resilience, IT suppliers are also required to perform regular resilience testing, including continuity planning and scenario-based assessments. This includes maintaining comprehensive documentation and evidence of resilience measures.
Additionally, IT suppliers must update their Master Service Agreements (MSAs) to reflect the requirements set out in DORA and establish robust mechanisms for responding to audits and questionnaires. Suppliers should enhance the frequency of vulnerability scanning, ideally deploying automated solutions and developing detailed mitigation plans to address potential disruptions. This should be backed by a comprehensive reporting mechanism using Key Performance Indicators (KPIs) to demonstrate ongoing compliance. As part of the overall compliance process, DORA-specific staff training is essential to ensure that compliance is robust and effective.

Richard Sampson, Chief Revenue Officer at Tax Systems.

The workload required to meet these additional safeguards is significant – both in terms of time and resource – which inevitably has a cost implication for both organisations and vendors. All parties concerned will be looking at the best way to balance the increased levels of service with the constant drive for efficiency savings, but whilst compliance with DORA may come at an increased price, arguably the price of non-compliance is far greater.
Ultimately, DORA sets out a wide range of important responsibilities that, if they haven’t been addressed already, should be actioned by IT suppliers as a matter of importance. Those who fail to act not only put the resilience of their infrastructure at risk – and, by definition, that of their customers – but also open themselves up to potentially expensive and highly damaging enforcement action in the years ahead.