DORA - Digital Operational Resilience Act | inforevision

DORA - managing digital resilience and compliance in the financial sector 

DORA (Digital Operational Resilience Act) is a new EU regulation that sets stricter requirements for digital resilience in the financial sector - both for companies and their IT suppliers. 

From January 2025, you must be able to prove that your systems, processes and IT support are resilient to cyberattacks, crashes and disruptions.  

What is DORA? 

DORA is an EU regulation that aims to ensure that financial institutions and their suppliers are able to prevent, detect, resist and recover from all types of IT-related threats and incidents. 

DORA applies to banks, pension funds, insurance companies and fintech companies - but also to subcontractors and data centers that provide IT services to the financial sector.

What do you need to be able to document? 

  • IT risk assessments and operational risk management 
  • Monitoring, alerting and incident reporting 
  • IT readiness and business continuity testing 
  • Management and control of outsourcing and third parties 
  • Compliance with governance and management accountability requirements 

Need help complying with DORA? 

We help you understand the requirements, conduct maturity assessments and create a plan that matches your current setup. 

Read more about our consulting services here 

Do you need to document compliance? 

We prepare auditor's statements (typically ISAE 3402) based on DORA requirements and ISO 27001 - so you are in control of your documentation. 

Read more about our declarations here


Frequently asked questions (FAQ) 

When does DORA come into effect? 

DORA will apply from January 17, 2025 and will have direct effect throughout the EU. 

Which companies are covered by DORA? 

DORA applies to both financial companies (e.g. banks, insurance, pensions, fintech) and critical third-party providers, such as hosting, cloud and software providers.

Do all companies need to be certified? 

No - but everyone must be able to document that they comply with the requirements. This can be done through, for example, an ISAE 3000 declaration or a maturity assessment.


Contact us - we help you with DORA 

Are you unsure about how DORA affects you - or do you need sparring, overview or documentation? 

We're ready to help. 

Contact Simon

Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.

Contact John

John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports. 

Contact Rasmus
