Go to content
Twee mannelijke collega's in overleg, kijkend op een beeldscherm, in de Monitoringroom
News 23/09/24

Getting ready for DORA: the AFM explains the testing of digital operational resilience

The Dutch Authority for the Financial Markets (AFM) issues its fifth DORA update explaining the key aspects of the Digital Operational Resilience Act (DORA). This guide focuses on the testing of the digital operational resilience. Firms can already get started.

DORA has been in force since January 2023. DORA is a European regulation that aims to ensure that financial organisations have better control of IT risks and are thus more resilient to cyber threats.

Testing of the digital operational resilience

DORA expects financial firms to take appropriate measures and to set up processes aimed at improving information security and cyber resilience. To ensure that these measures are adequate, it is important that ICT tools and systems are regularly tested to expose any vulnerabilities and deficiencies. Regularly testing the resilience of ICT tools and systems enables firms to ensure the continuity of critical and important functions in case of any disruptions.

This DORA update takes a closer look at the testing programme to be set up by firms. The testing programme includes the tests, practices, methodologies and tools regularly applied to assess the ICT systems, tools and processes. In addition, a number of firms will be designated to conduct advanced testing by means of threat-led penetration testing (TLPT) once every three years. This update discusses the processes involved in the instruction and implementation of TLPT.

Supervision of the Regulation

Firms have until January 2025 to comply with the regulation. After that, DORA will be officially applicable and the AFM and DNB will supervise the regulation. Some firms are already subject to DORA-related requirements under existing laws and regulations.

Contact for this article

AFM

Would you like to receive the latest news from AFM?

Subscribe to our newsletter, we will keep you up-to-date.