Xcina Case Study

DORA Gap Assessment and Implementation

Achieving Compliance aligned to the Digital Operational Resilience Act

The Challenge

This global organisation is the go-to operational partner for fund managers (funds) and corporates looking to streamline and integrate business-critical administration. Their purpose is to help businesses find their flow anywhere in the world. The organisation provides administrative and operational support solutions so that companies and funds can operate anywhere, with full compliance.

The Digital Operational Resilience Act (DORA) applies to financial entities operating in the EU. Xcina Consulting was engaged as a strategic partner to support the organisation’s DORA compliance initiative.

Methodology and Approach

With a particular focus on European operations, our role was to:

  • Conduct a gap assessment of the client’s frameworks and preparations against the requirements of the Digital Operational Resilience Act (DORA), both at the Group level and for four European entities.
  • Set up the remediation/implementation project.

In the next phase, we provided project management and SME support in the delivery of DORA-specific implementation requirements, including the following:

  • Risk Management Policy Update
  • Risk Appetite Definition
  • Third-Party Cataloguing
  • Third-Party SLA Development
  • Resilience Testing Scenario Definition
  • Testing Schedule Establishment
  • Policy Drafting
  • SDLC and Change Process Integration
  • Incident Management Procedure Update
  • Training Curriculum Design
  • Employee Training Sessions
  • Tabletop Exercises and Simulations
  • Recovery Strategy Refinement
  • Reporting Template Development
  • Mock Incident Reporting Test

Results and Outcome

Thanks to Xcina’s assistance, the Client was able to establish a more robust cyber resilience framework and demonstrate a defensible position in terms of DORA compliance to the regulator and its clients, partners, and internal stakeholders. It had a robust control framework in place to maintain critical services in the event of any significant business disruptions, whether from internal or external sources, including its supply chain.

What This Means for You

Whether you are at an early stage of your Cyber Resilience journey or looking for continuous improvement, Xcina delivers:

  • Independent benchmarking assessments against leading cyber resilience frameworks such as PS21/3, PS24/16, NIST, CAF, ISO27001, NIS2, DORA and TSA, identifying areas for improvement
  • Expert advice on complex security, resilience and certification issues and best practices
  • Pragmatic implementation assistance to help strengthen your security and resilience posture
  • A long-term partnership and ongoing assistance throughout your journey, not just a point-in-time assessment

To find out more about how we can assist you, please refer to our Regulatory Compliance Consulting Services and Solutions at https://xcinaconsulting.com/services/regulatory-compliance/

Industry and sector:

Financial

Solutions and service area:

Xcina’s objective:

Xcina Consulting was engaged as a strategic partner to support the organisation’s DORA compliance initiative.

We’d love to hear from you

We have a strong track record in providing risk advisory services with a focus on governance, regulatory compliance, conduct and culture, data protection, and third-party assurance. We help organisations successfully address governance, risk management and compliance challenges.

To discuss how the areas highlighted in this case study, or any other aspect of risk management, information governance or compliance, impact your business, speak with our team. Tell us what matters to you and find out how we can help you navigate complex issues and deliver long-term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

Lindsey Domingo

Senior Director

Speak to me directly by Email, or
Telephone: +44 (0)203 745 7826
