{"id":6084,"date":"2024-03-21T08:05:44","date_gmt":"2024-03-21T08:05:44","guid":{"rendered":"https:\/\/pixlex.it\/?p=6084"},"modified":"2026-01-18T08:18:00","modified_gmt":"2026-01-18T08:18:00","slug":"che-cosa-e-il-dora-guida-al-dora-episodio-1","status":"publish","type":"post","link":"https:\/\/pixlex.it\/en\/what-is-dora-guide-to-dora-episode-1\/","title":{"rendered":"What is DORA: guide to the Digital Operational Resilience Act - Episode 1"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"6084\" class=\"elementor elementor-6084\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d2c06cf e-flex e-con-boxed e-con e-parent\" data-id=\"d2c06cf\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;boxed&quot;}\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6bd1b10 elementor-widget elementor-widget-text-editor\" data-id=\"6bd1b10\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t
<h5 class=\" translation-block\">The Digital Operational Resilience Act (DORA)<\/h5><p class=\" translation-block\">Over the past few years, technology has taken an increasingly central role in the provision of financial services, both for simpler and more traditional operations and in more innovative services (e.g., fintech, peer-to-peer services, etc.).<\/p><p>The use of digital tools has not only brought numerous benefits but also significant risks, particularly those related to cyber incidents and attacks. 
The scale of these incidents has also grown with the increasing interconnection between financial infrastructures within the European Union.<\/p><p class=\" translation-block\">Therefore, the European legislature adopted Regulation (EU) 2022\/2554 (the so-called Digital Operational Resilience Act or \"DORA\") on digital operational resilience for the financial sector.<\/p><h5><span style=\"text-decoration: underline;\"><strong><em>Goals of DORA<\/em><\/strong><\/span><\/h5><p>The regulation sets out to create a harmonized regime that achieves a higher level of security for information systems in the financial sector, an element now considered to be of equal importance to market stability provisions.<\/p><p>The approach taken in this new regulation differs from the traditional quantitative risk management approach. Traditionally, in fact, European regulations required financial entities to hold capital to cover cyber risks. In contrast, DORA requires financial entities to have specific systems in place to manage ICT risks (including those arising from third parties) and cyber incidents.<\/p><h5><span style=\"text-decoration: underline;\"><strong><em>Scope of application<\/em><\/strong><\/span><\/h5><p>The regulation sets obligations for different types of financial entities.<\/p><p>These include traditional players such as banks, payment institutions, electronic money institutions, investment firms, management companies, insurance companies, crowdfunding service providers, and trading venues.<\/p><p>Some firms are excluded from these obligations due to their small size, such as institutions for occupational retirement provision that operate pension schemes which together have no more than 15 members in total, insurance intermediaries, reinsurance intermediaries, and ancillary insurance intermediaries that are micro, small or medium-sized enterprises, and natural or legal persons exempt under MiFID II.<\/p><p class=\" translation-block\">Also included in the list of 
financial entities are cryptocurrency service providers licensed under Regulation (EU) 2023\/1114, the so-called MiCA Regulation (the \"VASPs\").<\/p><p class=\" translation-block\">Extending the scope of DORA to VASPs addresses the need to limit cyber risks in a particularly sensitive area. The decentralized finance sector, the use of wallets, and innovative services (e.g., cloud mining, cryptocurrency trading, staking, lending, farming, etc.) rely on computer systems that are complex (e.g., smart contract-based systems) and potentially exposed to greater risks, not least because they are harder for less experienced users to handle.<\/p><p>Cryptocurrency regulation thus aims to protect consumers from different types of risk, including precisely those related to computer systems.<\/p><p>The regulation imposes obligations not only on financial entities, but also on third-party providers of IT services. It thus establishes some basic principles to guide financial entities' management of cyber risks arising from third parties, which are of particular importance when financial entities rely on those providers to support their critical or important functions.<\/p><h5><span style=\"text-decoration: underline;\"><strong><em>Obligations set forth by DORA<\/em><\/strong><\/span><\/h5><p>Fundamentally, DORA requires financial entities to (i) put in place appropriate governance systems for cyber risk management, (ii) manage cyber incidents, (iii) test their digital operational resilience, and (iv) manage cyber risks arising from third parties.<\/p><ol><li><h6><u>Governance systems<\/u><\/h6><\/li><\/ol><p>The management body of the financial entity is identified as the body responsible for the proper management of cyber risks and for making the necessary arrangements for compliance with the regulation.<\/p><p>These include the obligation to define, approve, oversee and be responsible for the implementation of all arrangements related to the ICT risk 
management framework.<\/p><p>Financial entities are also required to map and keep up to date their information technology systems so that they are resilient, reliable and suitable, and have sufficient capacity to carry out their activities. They must also conduct ongoing risk assessments of ICT systems, documenting and classifying cyber threats and recording the actions taken to mitigate identified risks.<\/p><p>Within the risk assessment process, institutions must conduct business impact analyses in order to assess how severe, specific disruption scenarios could affect business operations.<\/p><p class=\" translation-block\">Financial entities must also establish business continuity and disaster recovery plans to address various cyber risk scenarios (e.g., cyber attacks, IT service failures, catastrophic natural events). These plans should include procedures for backing up and restoring data, processes for restoring systems, and plans for communicating with the various stakeholders.<\/p><ol start=\"2\"><li><h6><u>ICT-related incident management, classification and reporting<\/u><\/h6><\/li><\/ol><p>Financial entities are required to define, establish and implement a process for managing ICT-related incidents in order to detect, manage and report them. Incidents must be recorded, monitored and documented in order to prevent future occurrences.<\/p><p>These processes include, among others, alert mechanisms, roles and responsibilities, forms of communication and response procedures.<\/p><p>Financial entities must also classify incidents based on the criteria provided by DORA and must report serious cyber incidents to the appropriate authorities. 
Specifically, entities must submit three types of reports: an initial notification to the authorities, an intermediate report following the initial notification, and a final report analyzing the root causes of the incident.<\/p><ol start=\"3\"><li><h6><u>Digital operational resilience testing<\/u><\/h6><\/li><\/ol><p>Financial entities are also required to establish, maintain and review a robust and comprehensive digital operational resilience testing program as an integral part of their internal governance and control framework. Its purpose is to identify weaknesses, deficiencies and gaps in digital operational resilience and to implement corrective measures promptly.<\/p><p>The program includes, among other things, appropriate tests such as vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, software questionnaires and scanning solutions, source code reviews where feasible, scenario-based tests, compatibility tests, performance tests, end-to-end tests, and penetration tests.<\/p><ol start=\"4\"><li><h6><u>Management of ICT third-party risk<\/u><\/h6><\/li><\/ol><p>DORA imposes obligations not only regarding financial entities' own IT risks, but also regarding those arising from third-party providers of technology services.<\/p><p>In particular, financial entities that have entered into contractual arrangements for the use of IT services in the conduct of their business operations remain fully responsible at all times for complying with and fulfilling all obligations under the regulation.<\/p><p>In addition, they must manage the IT risks arising from their relationships with third parties and the related contracts, especially those that affect essential services (applying the principle of proportionality).<\/p><p class=\" translation-block\">When financial institutions decide to outsource IT functions to third parties, they must 
negotiate detailed contractual agreements that include provisions regarding, for example, termination rights, service levels (so-called SLAs), verification procedures, and performance targets to ensure the accessibility, integrity, and security of services.<\/p><p>If the agreement covers functions that are deemed critical or important, more stringent provisions are required (e.g., relating to monitoring and cooperation obligations or to the preparation of contingency plans).<\/p><p>Where the third party is unable to comply with these requirements, the financial institution is prohibited from entering into the agreement.<\/p><p>In addition, financial institutions will need to carefully track their IT service dependencies on third parties and ensure that critical or important functions are not overly dependent on a single vendor or a small group of vendors.<\/p><h5><strong><em>Timeline<\/em><\/strong><\/h5><p>DORA came into force in January 2023, and since then European institutions have been publishing draft technical standards.<\/p><p>Implementation of the regulation, with related supervision by the authorities, will start on January 15, 2025.<\/p><p>If you need assistance, you can visit <a href=\"https:\/\/pixlex.it\/en\/servizi\/privacy-cybersecurity\/\">our dedicated page<\/a> or contact us directly.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>This article analyzes the content of the DORA regulation and is the first episode in a series dedicated to this legislation.<\/p>",
"protected":false},"author":3,"featured_media":6085,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24,80],"tags":[64,63],"class_list":["post-6084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cb","category-cyb","tag-regolamentazione-criptovalute","tag-regolamento-dora"],"_links":{"self":[{"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/posts\/6084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/comments?post=6084"}],"version-history":[{"count":5,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/posts\/6084\/revisions"}],"predecessor-version":[{"id":6866,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/posts\/6084\/revisions\/6866"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/media\/6085"}],"wp:attachment":[{"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/media?parent=6084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/categories?post=6084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pixlex.it\/en\/wp-json\/wp\/v2\/tags?post=6084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}