Employee Training: A Key Challenge in the DORA framework

IT Nation, Jun 17, 2024

By January 17th, financial sector stakeholders will need to comply with the DORA regulation, which pertains to digital operational resilience. Anidris, a company specializing in IT infrastructure consulting and project implementation, is supporting Luxembourg actors in managing change. This involves not only the implementation of flexible and robust IT environments but also ensuring that employees understand these challenges through training.

"Adopted two years ago, the European regulation DORA (Digital Operational Resilience Act) includes a set of rules related to the management of risks and incidents linked to information and communication technologies. These rules apply to systems directly operated within the company as well as to its service providers. It also mandates conducting tests to ensure the operational resilience of stakeholders," comments Loris Rilli, Senior Advisory Consultant at Anidris, which assists Luxembourg actors in managing their IT infrastructure. The goal is to strengthen the operational resilience of the stakeholders as well as the entire financial ecosystem.

Starting with Risks

"DORA significantly raises the level of requirements for stakeholders. By introducing a principle of board responsibility, the regulation positions resilience as a priority issue," continues Loris Rilli. "This first implies that leaders are trained to establish an appropriate risk management framework, make the right decisions, and fully assume their responsibilities concerning these obligations. Indeed, it is crucial that leaders are capable of ensuring effective and responsible risk management. Without adequate training, they risk making poorly informed decisions that could compromise the organization's stability and regulatory compliance."

To comply, each organization must start with an analysis of the risks it faces. "This notion of risk is central to everything. Each actor must be able to identify its essential services, the vital functions allowing it to ensure a minimal service for its clients or other operators in the financial ecosystem," explains Loris Rilli. "Considering each identified risk, the entity must then implement a set of measures aimed at preventing any incident that could jeopardize information systems and, if necessary, procedures to ensure the rapid resumption of activities."

The Importance of Proper Training

It is necessary to view this regulation through the lens of compliance, security, and resilience. "These three dimensions are deeply intertwined. The real challenge is to align them properly," explains Loris Rilli. "To this end, training is a key issue. It is essential that all people involved in managing security and continuity have the same understanding of the objectives pursued and speak the same language. We also quickly realize the importance of raising awareness among all staff about the issues of cyber-resilience."

A Unique Training Offer

While Anidris advises its clients on implementing resilient IT infrastructure, the company has also developed a training offering to support organizations with these challenges. "We have set up a series of training modules accessible via the web. The first two are aimed at all employees. They provide an introduction to the subject and cover the five pillars of resilience," explains Loris Rilli. "The following modules are designed to meet the needs of various professions involved in managing resilience. Among these, we specifically address technical issues—which are at the core of our company's mission—such as information system architecture, the infrastructure in place and its management, the implementation of control procedures, and risk prevention."

According to Anidris, this training offering, the only one entirely made in Luxembourg, allows for a thorough approach to the compliance challenge that many organizations will have to tackle in the coming months.

For more information on Anidris' DORA training, please write to: sales@anidris.lu
