In the third part of our Summer of Software Regulations & Compliance webinar series, the Digital Operations Resilience Act (DORA) took center stage with Ilkka Turunen, Field CTO at Sonatype joining Friso Schutte, the CTO of fintech leader SurePay for a discussion on what financial service providers can do to prepare.
DORA becomes enforceable in January 2025, which gives the financial institutions it seeks to protect just a few months left to prepare. DORA applies to every bank, investment service, and insurance company doing business within the European Union – more than 20,000 companies – and third-party service providers are considered critical to those entities.
DORA is an opportunity to formalize best practices that are already widely used
Resilience is the key outcome DORA wants to achieve, and keeping financial transactions moving uninterrupted is obviously an area that is top of mind for these institutions.
So, it's unlikely DORA's requirements will catch anyone off guard, but even for the most diligent organizations, this is an opportunity to formalize those measures and even test the strength of their planning.
Documenting and testing these procedures can help. Performing an annual audit or scenario testing to make sure policies and procedures reflect the latest company information or contacts within the process.
DORA understands the value of SBOM management
Software composition analysis (SCA) is key to DORA, and it has been developed to encourage organizations to adopt a shift left approach where open source component analysis is built into the process. Software bills of material (SBOM) have emerged as the best tool for gaining full awareness of what goes into an application and what vulnerabilities might pose a risk.
You can watch Understanding DORA Compliance: Insights from SurePay and Sonatype on demand now.
