DORA

Definition

DORA (Digital Operational Resilience Act) is EU legislation specifically for the financial sector that sets requirements for ICT risk management, incident reporting and digital resilience of financial institutions.

DORA has been in force since January 2025 for banks, insurers, investment firms and other financial entities in the EU. The act requires organisations to structurally manage their ICT risks, report incidents within strict timelines and annually test their digital resilience.

An important element of DORA is the TLPT requirement (Threat-Led Penetration Testing): advanced penetration tests on production systems, driven by actual threat intelligence. Providers of critical ICT services also fall within the act's scope.

DEFION offers a DORA Readiness Assessment and can conduct penetration tests that meet DORA requirements.

Related terms

NIS2, ISO 27001, Pentest, Incident Response