DORA Compliance

Digital Operational Resilience Act: digital operational resilience in the financial sector

What is DORA

Regulation (EU) 2022/2554, known as DORA (Digital Operational Resilience Act), is a European regulation that establishes uniform requirements for the security of the network and information systems of financial entities, and extends those requirements to the ICT third-party service providers on which they rely.

CRIF, operating in the financial sector, pays particular attention to DORA compliance in managing its suppliers.

DORA Timeline

Entry into force: January 16, 2023

Application date: January 17, 2025
From January 17, 2025, all financial entities in scope must comply with DORA requirements, including the requirements on how they manage their ICT suppliers.

Key Benefits

  • Customer Trust

    Demonstrating a commitment to security strengthens CRIF's trust in the supplier.

  • Competitive Advantage

    Standing out from competitors with high security standards.

  • Risk Reduction

    Minimizing operational and reputational risks.

  • Market Access

    Facilitating access to the European financial sector.

DORA and CRIF suppliers

As a supplier or potential supplier of CRIF, it is important to understand the implications of DORA:

  • ICT Security
    Implementation of adequate and documented cybersecurity measures

  • Operational Continuity
    Operational continuity and disaster recovery plans regularly tested

  • Incident Management
    Procedures for timely notification of security incidents to CRIF, so that CRIF can meet its own DORA incident-reporting obligations

  • Monitoring
    Continuous monitoring and threat reporting capabilities

  • Audit and Controls
    Willingness to undergo periodic verifications and audits

CRIF evaluates its suppliers against DORA requirements through:

  • Assessment Questionnaires
    Detailed questionnaires on implemented security and resilience measures

  • Document Verification
    Analysis of policies, procedures, certifications, and audit reports

  • On-site Verifications
    Possible inspection visits to the supplier's premises

  • Continuous Monitoring
    Periodic verification of requirement maintenance over time

Key DORA Requirements

The main areas covered by DORA are:

  • Operational Resilience
    Ensuring that financial entities can withstand, respond to, and recover from ICT incidents

  • ICT Risk Management
    Implementing a robust technology risk management framework.

  • Incident Management
    Classifying, reporting, and managing cybersecurity incidents

  • Resilience Testing
    Conducting regular tests to verify digital operational resilience

  • Third-Party Management
    Monitoring and managing risks arising from ICT service providers

Start Your Qualification Journey

Register today to access the qualification process and start collaborating with CRIF in line with ESG and DORA requirements.