Ivan Spiteri
Achieving compliance with the onerous obligations of the Digital Operational Resilience Act (DORA) within the stipulated time-frame will be challenging and time-consuming. Although DORA allows a transition period until 17 January 2025, BDO Malta advises in-scope entities to kick off their preparations immediately.
BDO Malta recommends a phased approach in which in-scope entities chart a DORA Compliance Program aimed at achieving compliance by the end of the transition period; failure to comply may lead to severe fines from January 2025 onward. We can help you achieve DORA compliance by providing expert guidance on the Regulation, conducting IT risk assessments and gap analyses, developing and implementing incident management and business continuity plans, and providing ongoing support and monitoring.
We can also assist with cyber implementation and assurance services to ensure that the infrastructure is secure and resilient against potential threats. This includes penetration testing, vulnerability assessments, and incident response planning. Additionally, we can provide training to employees to help them understand and comply with DORA requirements.
Our Recommendation
We recommend the following action points:
- Perform a maturity assessment against the DORA requirements, with an associated gap analysis and mitigation plan to reach compliance by the end of 2024
- Commence scenario planning for a large-scale penetration test
- Consolidate the Register of Information for all ICT third-party providers
A practical approach to achieving compliance with DORA
- Conduct regular risk assessments to identify potential threats and vulnerabilities.
- Develop and implement incident management and business continuity plans so that the organisation can respond effectively to a major incident.
- Establish robust governance and oversight to ensure that DORA requirements are met and that the organisation's digital infrastructure is secure and resilient.
- Test the incident management and business continuity plans regularly.