
Unlike other sectors of the economy that also have to comply with NIS2, the financial sector is no stranger to strict regulations like DORA. These organizations have worked hard on their data resilience and cybersecurity strategies.
Even if they have to comply with an additional regulation in DORA, the gap between the current and required state of affairs should be manageable, at least as far as their internal processes are concerned. It's a completely different story when it comes to third-party offerings and services and the entire supply chain. No matter how exemplary their compliance record, companies that cannot guarantee that relevant partners also comply with the regulations will have difficulty demonstrating holistic compliance, which could lead to potential fines or other negative consequences.
Compliance with DORA as an essential requirement
At a minimum, companies must ensure that robust risk management processes are implemented across the entire supply chain. In this context, companies must require the renegotiation of all third-party service level agreements (SLAs) to solidify compliance with DORA as a key prerequisite for collaboration. While it is time-consuming, companies should not underestimate the importance of ensuring that third parties also comply with applicable regulations. (Andre Troskie, EMEA Field CISO, Veeam)