Cristie Data GmbH logo
Contact

The Digital Operational Resilience Act (DORA)™

"DORA is to be applied to audits from 17 January 2025" - Source: Bafin

Are you READY for DORA regulation?
Contact Cristie to learn how we can help you with DORA. Discover how the Digital Operational Resilience Act (DORA) will revolutionize cybersecurity in the financial sector by 2025 and learn how your organization can stay ahead of the curve in operational resilience and compliance for DORA regulations.
Contact

What is the DORA policy?

The Digital Operational Resilience Act (DORA) is a proposal by the European Commission to establish a comprehensive framework for ensuring the operational resilience of digital services in the financial sector within the European Union. The DORA Regulation aims to improve the cybersecurity and operational capabilities of financial actors, including banks and other financial institutions, and ensure the continuity of critical financial services.

CONTENT

When does DORA come into full effect?

The Digital Operational Resilience Act (DORA) was officially published in the Official Journal of the European Union on December 27, 2022. It aims to improve the digital operational resilience of the financial sector in the European Union. The law entered into force on January 16, 2023, and will be fully implemented by January 17, 2025.

What are the key aspects of the proposed

DORA regulation?

dora-regulation-2025-cristi-data
  • Corporate resilience:
    DORA focuses on ensuring the operational resilience of digital services provided by financial actors. This includes measures to prevent and respond to cybersecurity incidents and disruptions.
  • Incident Reporting:
    The Regulation proposes mandatory incident reporting obligations for financial actors to ensure that competent authorities are promptly informed of significant incidents that affect the continuity of digital services.
  • Third-party providers:
    DORA also addresses the operational resilience of third-party providers, who play a critical role in the financial ecosystem. Financial actors are expected to assess and manage the risks associated with their reliance on third-party providers.
  • Tests and scenarios:
    Financial actors are encouraged to conduct regular tests and simulations to assess their operational resilience and ability to respond to various cybersecurity scenarios.
  • Cooperation and information exchange:
    DORA promotes cooperation and information sharing between companies, competent authorities and other relevant stakeholders to improve overall cybersecurity and operational resilience in the financial sector.

How can Cristie Data help you comply with DORA regulations?

Cristie Data has decades of expertise in data backup, system recovery, and cybersecurity, all key elements for achieving operational resilience. For organizations in the financial sector, where the continuity of critical financial services inevitably involves protecting and recovering thousands of application servers, Cristie can help solve the complexities of automating large-scale system recoveries. It does this through its proprietary Cristie Recovery (BMR) software, combined with backup solutions from leading vendors such as Rubrik, Dell Technologies, IBM, and Cohesity.

Our potential investments in the context of meeting DORA requirements include:

  • Providing data and system recovery solutions,
    that contribute to DORA compliance and self-assessment, supported by leading providers.
  • Cristie Recovery (BMR) Software
    provides extensive capabilities for system recovery simulation, troubleshooting, and reporting to meet DORA self-assessment requirements.
  • Security Operations Center (SOC)
    Solutions.
  • Guaranteed EU/German data sovereignty
    for backup and archiving operations.
  • Comprehensive data protection, system recovery and cybersecurity solutions
    including professional services and support, delivered through a true OPEX pay-per-use model under the Cristie READY initiative.

Our data and cybersecurity specialists are always available to answer your questions.

Contact

Will DORA be applicable to your organization?

Key entities to which DORA is likely to be applicable include:

  • Credit institutions:
    This includes banks and other financial institutions that provide credit services.
  • Investment firms:
    Entities engaged in investment services and activities, including brokerage and investment advisory services.
  • Central Counterparties (CCPs):
    Entities that facilitate clearing and settlement services for financial transactions.
  • Central Securities Depositories (CSDs):
    Entities responsible for the custody and administration of securities.
  • Payment service providers (PSPs):
    Entities engaged in the provision of payment services, including banks, electronic money institutions and other payment service providers.
  • Electronic Money Institutions (EMIs):
    Entities that issue electronic money and provide related financial services.
  • Critical third-party providers:
    DORA also addresses the operational resilience of third-party providers, who play a critical role in the financial ecosystem. Financial actors should assess and manage the risks associated with their dependence on critical third-party providers.

It is important to note that the application of DORA may involve a risk-based approach, taking into account the size, complexity, and criticality of the services provided by the entities. The regulation aims to ensure that these entities maintain operational resilience, cybersecurity, and the ability to respond effectively to incidents that could impact the continuity of their digital services.

Watch our informative video on LinkedIn

to the LinkedIn post

What are the obligations and impacts of DORA

for affected organizations?

The DORA Regulation includes provisions regarding self-assessment and testing by financial actors in its initial proposals. While the specific self-assessment requirements may be refined during the legislative process, the following aspects were generally covered:
  • Assessment of operational resilience:
    Financial actors were expected to conduct self-assessments of their operational resilience. This includes evaluating and ensuring the effectiveness of measures to prevent, respond to, and recover from incidents that could impact the continuity of digital services.
  • Test and simulation exercises:
    The regulation encourages financial actors to conduct regular tests and simulation exercises to assess their operational resilience. These exercises aim to simulate various cybersecurity scenarios and assess the entity's ability to respond effectively.
  • Incident Response Assessment:
    Financial actors were likely required to evaluate and test their incident response plans and procedures. This includes assessing the entity's readiness to handle significant incidents promptly and effectively.
  • Documentation and reporting:
    Entities could be required to document the results of their self-assessments and testing activities. Additionally, they could have reporting obligations to the relevant authorities, providing relevant details on the nature and impact of incidents and the actions taken.

We advise organizations to stay informed about the progress of the legislative process and changes to the DORA Regulation. The final self-assessment requirements and obligations may be specified in the adopted regulation. For the most up-to-date and accurate information, it is recommended to refer to official European Union sources.

Contact Cristie to discuss your DORA goals.

Contact
Contact Info

Nordring 53-55, 63843 Niedernberg, Germany

info@cristie.de

+49 (0) 6028 97950

Our services are aimed exclusively at business customers. Please use a corporate email address for your inquiry (e.g., no @gmail.com, @gmx.de, or @web.de addresses).

CMT26 - Registration
Cristie Mopped Tour 2026

Our services are aimed exclusively at business customers. Please use a corporate email address for your inquiry (e.g., no @gmail.com, @gmx.de, or @web.de addresses).

Cristie Data - Savings - VMware Licensing Costs (Solution Overview (PDF))

Cristie Data - Job Application

Cristie Data - Job Application

Metadata Management Webinar 18.11.2025 - Registration

Our services are aimed exclusively at business customers. Please use a corporate email address for your inquiry (e.g., no @gmail.com, @gmx.de, or @web.de addresses).

Metadata Management Webinar 17.09.2025 - Registration

Our services are aimed exclusively at business customers. Please use a corporate email address for your inquiry (e.g., no @gmail.com, @gmx.de, or @web.de addresses).

CMT25 - Registration
Cristie Mopped Tour 2025

Our services are aimed exclusively at business customers. Please use a corporate email address for your inquiry (e.g., no @gmail.com, @gmx.de, or @web.de addresses).

I am interested in emergency support for Cristie & Arctic Wolf!

Your it-sa 2024 ticket
Request free tickets. You can also request multiple tickets using the comments section.






Participation subject to availability.

CMT24 - Registration
Cristie Mopped Tour 2024






Participation subject to availability.

Watch the DORA video

Watch the Spectra Tape video

Watch the NIS2 Directive video

Save the Data - Event Registration






Participation subject to availability.

Arctic Wolf - Security Breakfast





Participation subject to availability.

Arctic Wolf - Security Breakfast Event





Participation subject to availability.

eBook: Transform Your Business with Mature Data Management

Understanding LTO-9 Tape Technology – White Paper

Understanding LTO-9 Tape Technology – White Paper

Request a monthly quote for cloud protection

Select multiple items by pressing the Ctrl or Cmd key while selecting.

*You can determine the number of assigned licenses in Microsoft 365 by navigating to the Microsoft 365 Admin center > Billing > Licenses page.

** The following subscriptions are not charged by Cristie Cloud Backup for Google Workspace:
Google Voice Starter (SKU ID: 1010330003)
Google Voice Standard (SKU ID: 1010330004)
Google Voice Premier (SKU ID: 1010330002)

On the way to the intelligent world – Whitepaper

As new technologies such as 5G, IoT, cloud computing, and big data are used in digital transformation, enterprise IT architecture is moving toward a hybrid framework of “traditional IT + private cloud + public cloud + edge.”

Striding Towards the Intelligent World – White Paper

As new technologies, such as 5G, IoT, cloud computing, and big data, are being applied in digital transformation, enterprise IT architecture is moving towards a hybrid framework of “traditional IT + private cloud + public cloud + edge”. This report provides an in-depth outlook on the development of the data storage industry.

Zero Trust Data Security for Dummies