Diana Pereira
- Explore how DORA impacts both product and infrastructure resilience, and what steps need to be taken to comply with the regulation.
- Uncover key regulatory developments and how organisations can remain compliant with evolving obligations.
In today’s interconnected digital world, ensuring operational resilience is a priority for organisations providing critical third-party ICT services.
The EU’s Digital Operational Resilience Act (DORA) addresses this by setting a new standard for resilience and security across the financial sector. It is essential for organisations managing third-party risk to understand how DORA impacts both product and infrastructure resilience, and what steps need to be taken to comply with the regulation.
What is DORA and why does it matter?
DORA is a key piece of European Union legislation aimed at ensuring that the financial sector is equipped to handle disruptions to its digital operations. Nowadays, most companies are reliant on third-party ICT services, and DORA establishes a comprehensive framework to mitigate risks from cyber threats, ICT failures, and operational disruptions. Compliance with DORA is not only a legal obligation, but it also presents a competitive advantage for service providers, reinforcing trust and reliability within the ecosystem.
Product resilience in the face of DORA
DORA places specific requirements on ensuring that a provider’s services are secure, reliable, and capable of withstanding disruptions. To achieve this, product resilience must be a key focus. This involves building redundancy into systems, ensuring that data remains secure and accessible, and regularly testing our products’ ability to recover from cyber incidents or technical failures.
LSEG’s Risk Intelligence has made enhancements to its product development process in recognition of our clients’ obligations under DORA. We continuously monitor the performance of our platforms and products and implement upgrades to ensure that our systems can handle the increasing volume of data and complex risk assessments. We have also put in place robust testing frameworks to simulate operational disruptions, ensuring that the products can recover quickly while maintaining data integrity and availability for our clients.
Infrastructure resilience and cybersecurity
DORA stresses the importance of a resilient infrastructure to protect critical financial services from ICT-related risks. For many providers, this means ensuring that the products’ underlying infrastructure is not only robust but also adaptive to new threats and challenges.
To meet these requirements, regular security audits and vulnerability assessments are performed to ensure that our infrastructure remains fortified against evolving cyber threats. In line with DORA’s mandate, we maintain detailed incident response protocols to minimise downtime and protect client data in the event of an attack or technical failure. By adhering to these guidelines, we help clients manage their own risk while demonstrating our commitment to operational resilience.
Preparing for DORA compliance
DORA will be effective from 17 January 2025. Compliance with DORA is not a one-time effort, it requires continuous vigilance and adaptation. As part of our commitment to resilience, we are actively reviewing and ensuring that our systems can adapt to the ever-changing threat landscape, and we are familiar with the many evolving tools to help us mitigate risks.
This process includes strengthening our cybersecurity defences, increasing our monitoring capabilities, and enhancing our disaster recovery processes. We are also working closely with clients to help them understand the implications of DORA and how they can meet their own compliance obligations.
In summary, DORA presents a significant opportunity for companies to enhance operational resilience and demonstrate leadership in the financial risk intelligence space.
By focusing on product and infrastructure resilience, we are not only helping our customers to meet regulatory demands but also building stronger, more secure products for our clients. As we continue to innovate and strengthen our offering, we remain committed to ensuring that services provided by LSEG Risk Intelligence are equipped to navigate the evolving digital landscape with confidence.
Discover how LSEG is preparing for DORA across its businesses.
Legal Disclaimer
Republication or redistribution of LSE Group content is prohibited without our prior written consent.
The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.
Copyright © 2024 London Stock Exchange Group. All rights reserved.
The content of this publication is provided by London Stock Exchange Group plc, its applicable group undertakings and/or its affiliates or licensors (the “LSE Group” or “We”) exclusively.
Neither We nor our affiliates guarantee the accuracy of or endorse the views or opinions given by any third party content provider, advertiser, sponsor or other user. We may link to, reference, or promote websites, applications and/or services from third parties. You agree that We are not responsible for, and do not control such non-LSE Group websites, applications or services.
The content of this publication is for informational purposes only. All information and data contained in this publication is obtained by LSE Group from sources believed by it to be accurate and reliable. Because of the possibility of human and mechanical error as well as other factors, however, such information and data are provided "as is" without warranty of any kind. You understand and agree that this publication does not, and does not seek to, constitute advice of any nature. You may not rely upon the content of this document under any circumstances and should seek your own independent legal, tax or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the publication and its content is at your sole risk.
To the fullest extent permitted by applicable law, LSE Group, expressly disclaims any representation or warranties, express or implied, including, without limitation, any representations or warranties of performance, merchantability, fitness for a particular purpose, accuracy, completeness, reliability and non-infringement. LSE Group, its subsidiaries, its affiliates and their respective shareholders, directors, officers employees, agents, advertisers, content providers and licensors (collectively referred to as the “LSE Group Parties”) disclaim all responsibility for any loss, liability or damage of any kind resulting from or related to access, use or the unavailability of the publication (or any part of it); and none of the LSE Group Parties will be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, howsoever arising, even if any member of the LSE Group Parties are advised in advance of the possibility of such damages or could have foreseen any such damages arising or resulting from the use of, or inability to use, the information contained in the publication. For the avoidance of doubt, the LSE Group Parties shall have no liability for any losses, claims, demands, actions, proceedings, damages, costs or expenses arising out of, or in any way connected with, the information contained in this document.
LSE Group is the owner of various intellectual property rights ("IPR”), including but not limited to, numerous trademarks that are used to identify, advertise, and promote LSE Group products, services and activities. Nothing contained herein should be construed as granting any licence or right to use any of the trademarks or any other LSE Group IPR for any purpose whatsoever without the written permission or applicable licence terms.
