The Digital Operational Resilience Act (DORA) is a legislative framework in Europe that focuses on operational and cyber resilience in the financial sector. It requires financial institutions to enhance their information and communications technology (ICT) capabilities, improve security risk management, harmonize incident reporting, establish a testing framework for digital operational resilience, and monitor critical third-party ICT providers. DORA does not restrict financial institutions from using cloud services.
Financial institutions must comply with uniform requirements set by DORA to achieve a high level of digital operational resilience. This includes managing ICT risks, reporting incidents and cyber threats, testing resilience, sharing information on threats, and managing third-party ICT risk. The regulation allows flexibility in risk management approaches as long as key functions like identification, protection, detection, response, recovery, and communication are addressed. Financial institutions must maintain resilient ICT systems and have effective business continuity plans to handle adverse situations.
Amazon Web Services (AWS) has been involved in consultations on DORA technical standards and has now launched a user guide for DORA compliance. The guide explains the roles of AWS and its customers in managing operational resilience, the shared responsibility model, compliance frameworks, AWS services, and measures for compliance with DORA requirements when using AWS. The guide targets IT leaders, architects, engineers, risk and compliance professionals in financial services organizations.
The guide recommends understanding DORA requirements, using AWS services like Audit Administrator, Security Center, Resilience Center, Configuration, and Trusted Advisor for operational risk management, and leveraging AWS Artifact for security and compliance reports. Financial engineers are advised to follow the AWS Cloud Adoption Framework (AWS CAF) for cloud transformation and improving cloud readiness through business, people, governance, platform, security, and operations perspectives.
Financial institutions are encouraged to explore the AWS User Guide for DORA and reach out to the FSI Security and Compliance team for assistance. The guide provides comprehensive information on how AWS can support organizations in complying with DORA.
Article Source
https://aws.amazon.com/blogs/industries/introducing-the-aws-user-guide-to-the-digital-operational-resilience-act-dora/