The Digital Operational Resilience Act at EXCON
The financial and insurance sectors in particular are facing new regulatory challenges with the Digital Operational Resilience Act (DORA). As an experienced ICT third-party service provider, EXCON works hand in hand with its clients. With many years of experience and expertise, we implement the regulation in our management systems and processes, providing reliable support for efficient and compliant digital transformation.
EXCON as an experienced partner for regulatory requirements
EXCON has been successfully supporting financial companies in meeting regulatory requirements for many years. With an in-depth understanding of regulatory frameworks and a holistic service philosophy, we have effectively integrated the new DORA requirements into our IT and process landscape. Information security and data protection have been an important part of our corporate philosophy from the very beginning.
Strategic measures for DORA readiness
To prepare for the requirements of DORA, we have launched a company-wide DORA project. Here, our experts from various departments, including the Chief Information Officer (CIO), Chief Information Security Officer (CISO), Head of Legal, Internal Audit, and Executive Management, work closely together. This initiative ensures that we are immediately ready to go for our clients without any lengthy regulatory lead times – because we are DORA-ready. And this is not just a snapshot, but also takes into account future changes, which are continuously analyzed and incorporated into our processes, management systems, and information security strategy, as well as into our contractual provisions.
One focus of our comprehensive information security strategy is on internal awareness: digital operational resilience has been integrated into our training concept to create a deep understanding of the new regulatory requirements.
New functions and optimized processes
With the introduction of the new role of ICT coordinator, who reports directly to senior management, EXCON has created a central point of contact for all matters relating to DORA. Annual reports are available to clients on request and provide transparency in this area as well.
Incident management has also been adapted to DORA requirements: the process for reporting ICT incidents has been implemented and seamlessly integrated into the existing reporting systems. This creates even greater security, as every single incident is recorded by the process, regardless of whether it can be clearly assigned to a specific incident type or not.
“By implementing measures to ensure DORA compliance, we are not only complying with regulatory requirements, but also strengthening our digital resilience in the long term. Our goal is to secure our systems as much as possible and provide our clients with the necessary information efficiently.” – Benno Harbauer, ICT Coordinator at EXCON.
Efficient implementation of the new requirements
EXCON provides its clients with targeted support in creating and maintaining the information register required by DORA. Relevant data can be accessed at any time and easily transferred to existing systems. This saves valuable time and reduces administrative effort.
In addition, EXCON is ideally equipped to support financial companies with tailor-made solutions for further DORA requirements, such as:
- Creating inventories
- Developing business continuity plans
- Conducting digital operational resilience tests, including TLPT (Threat-Led Penetration Testing)
Trusted partner for managing third-party ICT risks
As an established outsourcing partner in the finance and insurance industry, EXCON has many years of experience in managing third-party risks. With an ISO 27001-certified information security strategy, we set the highest standards and offer financial companies the necessary security and compliance.
Conclusion: DORA ready with EXCON
The implementation of DORA requires a comprehensive strategy and close cooperation with experienced third-party ICT service providers. EXCON is ready to accompany its clients on this journey and act as a competent partner for digital operational resilience.
