Contents
Governance and organisation
DORA requires a new strategy for digital operational readiness (DOR Strategy)
Key points
Differences vs. BAIT/VAIT
Operational implication
ICT-specific internal governance and control framework
Key elements
ICT security policies
Protocol for technological change
Significant expansion of the management body’s tasks
a) Possess ICT risk competence
b) Approve and oversee all ICT-relevant policies
c) Define clear responsibilities for all ICT functions
d) Ensure appropriate resourcing
e) Approve internal ICT audit plans
f) Oversee implementation of ICT response & recovery capabilities

Governance and organisation

DORA (Regulation (EU) 2022/2554) introduces a new governance paradigm for ICT risk management that differs materially from the BAIT/VAIT architecture. The BaFin guidance highlights three core areas of change: DORA requires a new strategy for …