01
Rate your DORA status
Review your needs, those of your stakeholders and the needs of your ICT providers for compliance requirements.
02
Arrange an analysis meeting
We'll talk for 30 minutes to get to know each other and determine your current information security posture with respect to DORA, then explain the ideal path to DORA compliance that fits your size and needs.
03
Know and choose your options
You can choose either a standardized or customized training offer or a fully customer-oriented consulting service, we will implement the desired solution.
04
Meet the more secure you
Auf Basis Ihrer Optimierungen und des tieferen Wissen zur Informationssicherheit haben Sie ein höheres Maß an Cybersicherheit und betrieblicher Resilienz erreicht, die nachweisbare DORA-Compliance stärkt ihr Vertrauen in Ihre Organisation und ebenso das Vertrauen der Kunden, dass Ihr Unternehmen mit geringeren Risiken sowie ohne Unterbrechungen betrieben wird.
Consulting for DORA
Our process at a glance
I would be happy to work with Mr. Salvador and his team again on the next project. Thank you and all the best!
Andreas Freitag, BMW AG
My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security in accordance with TISAX® and can now win new automotive customers.
Gaps in our preparation and testing were closed promptly and high-quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.
Dr. Samir Kadunic, MAASU GmbH
When reviewing customer requirements in the area of TISAX®, the company urgently needed advice. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.
Opexa Advisory is the ideal partner due to its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.
Herbert Schmidt, Dennemeyer & Co. GmbH
What our customers say
Frequently asked questions about Financial Services Consulting for DORA
We already meet other standards (e.g. ISO 27001, BAIT, VAIT, KAIT) is that an advantage?
This gives you a clear advantage, as an organizational, professional and technical basis for the extended measures in accordance with DORA has already been laid, saving time and money.
If an integrated view of the required processes, documents or policies and use of the required management systems is possible, all the better!
However, you must still be able to demonstrate conformity with the respective standards in the specific audits.
Wie lange dauert die Implementierung von DORA?
Depending on size, locations, countries, operational quality, structure and information security measures/standards already implemented, this can take 3 to 24 months.
Who has to implement DORA?
Not only financial institutions but also their third-party ICT providers are expected to implement it to mitigate the risks associated with cyber threats.
What other benefits can we expect?
Your overall information security resilience improves and you have better protection against cyber risks.
In addition, top management would face personal risks related to compliance and liability if demonstrable measures are not taken to improve and maintain adequate information security to ensure operational resilience.
First, a preliminary clarification of the environment and needs
The gap analysis is then carried out
If the requirement is met, a declaration of conformity is issued
In case of deviations, an action plan will be drawn up
The documentation of the analysis is transmitted as a PDF
The implementation takes place remotely
The lead time is 2 weeks
No risk based on the fixed price
DORA Gap Analysis at a fixed price
Die Finanzunternehmen müssen von jedem Dienstleister Informationen einholen und diese sollten für sich prüfen, ob DORA-Konformität vorliegt. Für die IKT-Drittdienstleister, die nicht "kritisch" sind, bieten wir eine standardisierte Gap-Analyse zum Festpreis an, auf deren Basis dann der Kunde informiert werden kann. Der Prüfrahmen ist durch den Art. 33 Abs. 3 DORA vorgegeben.
The Digital Operational Resilience Act (DORA) is a regulation of the European Parliament and Council on the operational resilience of digital systems in the financial sector that is currently in the legislative process. It sets out uniform requirements for the security of network and information systems across the entire financial sector, including their local and international ICT partners! This also includes further developments in the delivery models for IT services, such as cloud services and infrastructure-as-a-service. DORA is intended to improve information security and strengthen the digital operational resilience of European financial companies. Implementation into national law and regulations is underway; banks, insurance companies and ICT service providers must implement the new information security requirements. Early preparation is the key to achieving compliant status in good time and avoiding fines.
Our partners
Our DORA consultants will guide and support you to ensure that your company also meets more complex requirements, such as more comprehensive risk management, threat intelligence collection and advanced security testing. For "non-critical" ICT third-party service providers, we apply the more limited scope of monitoring described in Art. 33 para. 3 DORA to save costs and time.
We support you in the necessary legal compliant conversion with:
Establishing a Framework for ICT Risk Management
Establishment of incident management and efficient reporting processes
Annual testing of critical systems and applications
Appropriate ICT third-party management