The ESAs have published the final Policy documents which complete the set of documents complementing DORA (REGULATION (EU) 2022/2554).
The following final documents have been issued:
· Final report DORA RTS on TLPT (Threat-led Penetration Testing)
· Final report on the draft RTS and ITS on incident reporting
· Final report on RTS on harmonisation of conditions for OVS conduct
· Final Report RTS on JET (Joint Examination Team)
· Final report GL on costs and losses
· Final report on GL on oversight cooperation
The final RTS on Subcontracting has not yet been released but will be also published in due course.
Changes have been made since the last draft publication. We must explore to see what the final requirements are and get our organisations compliant by January 2025.
Is this enough time? There is plenty that needs to be done within the next five months so we must get going.
As part of our motivation to get these requirements implemented, we must remember that the requirements embedded in DORA, including all complementary documentation, are there to safeguard our organisations from cyberattacks, unauthorized access, confidentiality breaches and outages and which will enable continuity of business even in times of disruption. This will in turn lead to the avoidance of financial and reputational losses, amongst others.
For all the details published by the ESAs follow this link: https://europa.eu/!3BKjrX