In this blog let us discuss about what is DORA EU (Digital Operational Resilience Act), DORA Customer Guides and DORA Customer Guides on the Register of Information and Communications Technology (ICT) Risk Management
The DORA rule from the EU is now in effect. Google Cloud is available to assist. As the Digital Operational Resilience Act (DORA) takes effect currently, EU financial institutions must become more resilient to increasing digital hazards.
DORA at Google Cloud share your dedication to DORA’s objectives. To make the financial industry more safe and robust, DORA can assist you achieve DORA compliance. DORA’s wide range of services, strong infrastructure, and regulatory expertise may help you succeed.
DORA is pleased to provide their new Google Cloud Third-Party Risk Management Resource Centre and their DORA Customer Guides on the Register of Information and Information and Communications Technology (ICT) Risk Management, which will help you expedite your DORA efforts. Additionally, as of right now, financial organisations can request DORA’s list of DORA Subcontractors.
What is DORA EU (Digital Operational Resilience Act)?
Financial institutions of the European Union (EU) and their essential ICT suppliers must be prepared to adhere to the EU Digital Operational Resilience Act (Regulation (EU) 2022/2554, or “DORA”). In the financial services industry and EU member states, DORA harmonises the reporting of cybersecurity events, the testing of digital operational resilience, and the management of ICT third-party risk by financial firms.
DORA gives EU financial authorities the ability to actively monitor important ICT providers in addition to setting explicit expectations for their involvement. This is applicable to cloud service providers such as Google Cloud if the requirements are satisfied.
Relevance and Google Cloud’s obligation
DORA is already getting ready to handle any direct needs and plan to speak candidly with authorities regarding designation, even though DORA won’t directly apply to Google Cloud until and until EU regulators formally designate it as an essential ICT provider.
DORA includes guidelines for how EU financial companies should handle their ICT suppliers, including cloud service providers, much like the current ICT risk management regulations. Even though ICT providers are not directly subject to these criteria, Google Cloud acknowledges that in order to guarantee their customers’ continuous success while utilising their services, DORA must allow them to fully satisfy these expectations.
Google Cloud keeps improving its operational and product capabilities in each of DORA’s emphasis areas in order to get ready. DORA has specialised teams, such as their Office of the CISO, that respond to enquiries and comments from clients in order to assist them. In order to give more information about Google Cloud’s approach to incident management, resilience, and other important DORA emphasis areas, DORA will also keep updating their documentation and resources before the 2025 deadline.
Providing DORA Customer Guides to empower you
Financial organisations must create a thorough ICT risk management plan in accordance with DORA. This can be a challenging task that calls for a thorough comprehension of potential risks and weaknesses. By connecting DORA criteria to certain Google Cloud products, DORA’s ICT Risk Management Customer Guide speeds up this process for Google Cloud. Using our services, you may create a strong foundation for ICT risk management.
Financial organisations are required by DORA to have an exhaustive list of all the ICT service providers they use. This register must adhere to a certain template and contain particular information about your contracts and service providers. In addition to offering the information you require from us to finish the pertinent forms for Google Cloud services, their Register of Information Customer Guide helps make the process easier.
Transparency regarding subcontracting fosters trust
In the context of subcontracting, openness and risk control are crucial. In recognition of this, DORA mandates that financial organisations comprehend the subcontracting agreements and specified subcontracting terms of their ICT service providers.
Google Cloud has updated their Subcontractor List to comply with DORA’s regulations in order to give you the openness you demand. By getting in touch with your Google Cloud account representative, you may request this list.
Additionally, they’re dedicated to upholding a strong third-party risk management program that satisfies the strictest security requirements.
