Last week, Cutover CEO Ky Nichol attended the London Business Resilience Conference and spoke about how organizations can get their recovery posture ready for the Digital Operational Resilience Act (DORA) with automated runbooks.
Below is a recap of what he shared at that event and more information about DORA and Cutover.
The Digital Operational Resilience Act deadline is coming up
The DORA compliance deadline is January 2025, and it applies to all financial institutions in the EU. Given how much preparation is needed to be ready, that deadline will come up fast.
Common challenges to meeting the DORA deadline include:
- Testing the recovery of the hundreds of services that banks use takes too long
- Testing timelines remove available windows for other technical teams to perform changes or releases
- The absence of effective workflow orchestration for failover testing limits organizations to small, incremental activities due to the available resources and logistics
- DORA increases the scrutiny on an organization’s ability to test and report on application resilience
- Manual and inefficient processes lead to poor outcomes
How Cutover helps organizations address the five pillars of DORA
A multinational banking and financial services corporation had to test 130 services, taking over ten hours to do so. These long testing timelines removed available windows for other technical teams to perform changes or releases. The absence of effective workflow orchestration for the failover testing limited the organization to small, incremental activities due to the available resources and logistics.
Due to DORA, the bank was facing increased regulatory scrutiny on its ability to test and report on application resilience. It needed to reduce both the risk of incidents and its manual, inefficient processes.
Cutover enabled the bank to address the five pillars of DORA in the following ways:
1. ICT risk management and governance
Businesses need to implement a documented framework for business continuity and disaster recovery. Cutover enables organizations to automate and execute disaster recovery plans at scale, including thousands of tasks. Cutover maps task dependencies, providing a clear view of the sequence of tasks needed to ensure recovery.
2. Incident reporting and response
Organizations need to have procedures in place for identifying, reporting, investigating, and recovering from ICT-related incidents. Cutover’s real-time dashboards enable visibility into recovery and test scenarios, while the auto-generated audit log provides an accurate source of data for regulators.
3. Digital operational resilience testing
Regular resilience testing must be carried out through simulations and exercises. Cutover enables end-to-end testing via application failover at scale, and pre-built runbook templates ensure consistent and effective recovery plans.
4. ICT third-party risk management
Organizations need to manage risks with third-party ICT providers. Cutover’s automated runbooks integrate with services from cloud service providers, such as AWS DRS, FIS and more, creating more visibility and control across both internal and external tooling.
5. Information and intelligence sharing
Organizations are encouraged to share threat information and intelligence with one another. Both internal and external collaboration are key for tackling the increasing threats facing financial services organizations today.
Be prepared for DORA compliance
The top US banks and financial institutions globally trust Cutover. We’ve helped our customers reduce application recovery execution time by 50%, use 60% less time for regulatory reporting, and reduce recovery exercising preparation time by 70%, from weeks to days.
Find out more about the DORA requirements or request a demo to see how the Cutover platform can help your organization manage compliance.