• About us
  • Newsroom
  • Careers
  • Become a partner
  • Search
Compute
High-performance, scalable computing resources for your critical workloads. Orchestrate your cloud-native applications with our modern container solutions.
Discover the Compute offer
Virtual machines
VM Instances
An on-demand, flexible and secure virtual machine solution on a shared infrastructure.
Dedicated servers
OpenSource IaaS
Open source virtualised infrastructure in a trusted SecNumCloud-qualified cloud environment for complete technological sovereignty.
VMWare IaaS
Your VMware virtual machines in a trusted SecNumCloud-qualified and HDS-certified cloud environment.
Bare Metal
Dedicated, fully customisable servers for total autonomy over your sovereign infrastructure.
Containers
PaaS OpenShift
The unified platform for creating, modernising and deploying your large-scale applications in a sovereign cloud.
Managed Kubernetes
Managed container orchestration solution offering security, resilience and advanced automation on sovereign infrastructure.
Storage
Adaptable, high-performance storage solutions for all your needs. Optimise your data with our highly available block and object solutions.
Discover our Storage offer
Storage
Block storage
The adaptable block storage solution for optimum storage performance in a sovereign cloud.
Object storage
The scalable, cost-effective storage solution for your unstructured data in a sovereign cloud.
Backup
Backup solutions
Differentiated backup solutions tailored to your challenges and environments
Network
Advanced network solutions to connect and secure your infrastructures. Deploy your private networks automatically and securely.
Discover the Network offer
Network
Virtual Private Cloud
Deploy and manage your private networks 100% automatically and securely.
Private Backbone
Take full control of your network with extended Layer 2 connectivity, designed for hybrid architectures and bespoke configurations.
Firewall
Managed Firewall
Advanced security solutions for complete insulation and enhanced protection
Accommodation Dry
Housing - Dedicated space
Secure hosting for your equipment in a dedicated or shared environment, depending on your needs.
Security
Advanced security solutions to protect your critical infrastructures. Control access and defend against online threats.
Discover the Security offer
Detection
Managed SIEM
A centralised platform for collecting and correlating security logs, combining AI-based automation and advanced detection rules (MITRE ATT&CK).
Sovereign SOC
A sovereign SOC offering operated 24/7, deployable from our marketplace, on SecNumCloud-qualified infrastructure.
Protection
Anti DDoS
The shield against online attacks
Bastion host
Transparent, centralised access control for robust protection of your infrastructure
Managed KMS
Sovereign cryptographic key management, with HSM hardware root of trust, to protect your most sensitive data on SecNumCloud infrastructure.
AI
Artificial intelligence solutions to transform your data into insights and accelerate your business processes.
Discover the AI offer
AI
LLMaaS
Access cutting-edge language models on a sovereign, SecNumCloud-qualified and HDS-certified infrastructure for high-performance, secure AI applications.
GPU
NVIDIA GPU instances to accelerate your artificial intelligence and high-performance computing in a sovereign cloud.
Data
Data solutions to manage, analyse and exploit your critical data.
Discover the Data offer
Databases
Managed MariaDB
A fully managed MariaDB relational database and PITR backup on SecNumCloud sovereign infrastructure.
Managed PostGreSQL
The fully managed relational database solution on SecNumCloud sovereign infrastructure
Big Data
Managed Kafka
The open-source distributed platform for streaming data in real time
Managed File System
A managed, sovereign, high-availability distributed file system, accessible via NFS and SMB on the SecNumCloud infrastructure.
Management & Governance
Coaching and support services to help you with your cloud transformation.
Find out about our support services
Support
Support levels
Discover the 3 levels of support available to help you meet your challenges.
Professional services
From design to optimisation, Cloud Temple is with you every step of the way.
Governance
Console - API - Terraform Provider
A single interface for viewing and managing your products and services
Observability
Infrastructure metrics available in market standards
About us
The company
Who are we?
Management team
Locations
CSR commitments
Sectors
Public sector
Healthcare
Financial sector
Industry
Our approach
Our compliance procedures
Our SecNumCloud approach
Trusted AI
Interoperability & hybridity
Transparency in the processing of health data
Newsroom
The magazine
Events & Webinars
Press releases
In the media
Knowledge database
Research Papers
Careers
Working at Cloud Temple
Join us
Become a partner
Software publishers
Managed Services Providers
FR AT FROM IT
Contact
The magazine > DORA: shaping a more secure and resilient European digital ecosystem

The Digital Operational Resilience Act (DORA) is a regulation that aims to strengthen digital resilience within the European Union, by establishing a uniform framework for managing IT-related risks. Although initially focused on the financial sector, DORA also has implications for other critical sectors such as energy and telecommunications, imposing strict standards for cybersecurity.

What is DORA (Digital Operational Resilience Act)?

Origin and objectives of the regulations

In the context of DORA, "DOR" stands for "digital operational resilience", which refers to an organisation's ability to maintain and restore its essential digital operations in the face of disruption, cyber-attack or technological failure, thereby ensuring the continuity and security of its services.

Its aim is to ensure that all players in the financial system have the insurance they need to reduce cyber-attacks and other information and communication technology (ICT) risks, maintain critical functions in the event of serious disruption, and foster confidence in their ability to cope with operational shocks.

Scope and entities concerned

Although DORA was originally designed for the financial sector, its scope of application is vast. It covers a wide range of financial entities, including :

  • Credit institutions
  • Investment firms
  • Payment service providers
  • Insurance and reinsurance companies
  • Alternative investment fund managers
  • Crypto-asset service providers

In addition, DORA also applies to critical third-party suppliers of ICT services to these financial entities, recognising the importance of the supply chain to overall operational resilience.

Implementation schedule

The timetable for implementing DORA is progressive, allowing the entities concerned to adapt to the new requirements:

  • December 2022: Final adoption of DORA by the European Parliament
  • January 2023: DORA comes into force
  • January 2025: Planned date for effective application of DORA

The two-year period between entry into force and effective application is intended to give companies the time they need to comply with the new requirements.

The main pillars of DORA

DORA is based on four fundamental pillars designed to strengthen the digital operational resilience of the entities concerned:

ICT risk management

DORA requires entities to put in place a robust ICT risk management framework. This includes:

  • Identifying and classifying information assets
  • Protection and prevention against potential threats
  • Detecting anomalies and security incidents, which requires an SOC to be in place
  • Setting up response and recovery processes

Companies will need to demonstrate that they have a thorough understanding of their digital risks and that they have effective strategies in place to manage them.

Digital operational resilience testing

DORA introduces a requirement for regular digital operational resilience testing. These tests may include:

  • Vulnerability analyses
  • Penetration tests
  • Crisis simulation exercises
  • Disaster recovery tests

The aim is to verify the ability of the entities to maintain their critical operations in the face of major disruptions.

Incident management and reporting

Another aspect of DORA is the improvement of incident management and reporting processes. Entities will have to :

  • Implement procedures for detecting and managing ICT-related incidents
  • Classify incidents according to their seriousness
  • Report major incidents to the appropriate authorities within strict deadlines
  • Share information on threats and vulnerabilities with other players in the sector

This approach aims to improve responsiveness to incidents and encourage the sharing of information within the sector.

The authorities responsible for receiving notifications of major incidents are the European Supervisory Authorities (ESAs):

  • The European Banking Authority (EBA)
  • The European Securities and Markets Authority (ESMA)
  • The European Insurance and Occupational Pensions Authority (EIOPA)

Managing the risks associated with third parties and ICT service providers

Recognising the increasing reliance on cloud service providers and other ICT providers, DORA also imposes strict requirements for managing third-party risks. These include:

  • Rigorous risk assessment before committing to a supplier
  • The establishment of detailed contracts covering security and resilience aspects
  • Continuous monitoring of supplier performance and compliance
  • Planning exit strategies in the event of failure of a critical supplier

Implications of DORA for businesses

New governance and risk management requirements

DORA imposes significant new requirements in terms of governance and risk management:

  • Increased responsibility of the Board of Directors and management in overseeing ICT risks
  • The need for documented policies and procedures for digital risk management
  • Obligation to carry out regular risk assessments and update risk management strategies

Companies will need to integrate digital operational resilience into their overall strategy and corporate culture.

The need to strengthen cyber security capabilities

To comply with DORA, many companies will need to significantly strengthen their cybersecurity capabilities:

  • Investment in cutting-edge technologies for threat detection and prevention
  • Ongoing staff training on cyber security issues
  • Setting up teams dedicated to incident management and crisis response. This can be done through an SOC or an outsourced CERT.
  • Developing in-house skills in digital risk analysis

Impact on relations with cloud service providers

DORA will have a significant impact on the way businesses manage their relationships with cloud service providers and other ICT suppliers:

  • The need to carry out more in-depth evaluations of suppliers before making a commitment
  • Requirement for more detailed contracts covering security, resilience and compliance aspects
  • Obligation to set up continuous supplier monitoring processes
  • Need to develop robust exit strategies for critical services

Companies will need to adopt a more proactive and rigorous approach to managing their ICT service providers, ensuring that they meet the high standards imposed by DORA.

DORA therefore represents a significant change in the way European businesses, particularly in the financial sector, approach digital operational resilience. DORA also offers an opportunity to strengthen cybersecurity, improve customer confidence and contribute to the creation of a more resilient digital ecosystem in Europe.

With its solid experience in compliance projects and certified consultants, Cloud Temple can help you achieve DORA compliance. Contact our teams

DORA-accompaniment sheetDownload
Catégories
Cybersecurity & Compliance
The magazine
Cookie policy

We use cookies to give you the best possible experience on our site, but we do not collect any personal data.

Audience measurement services, which are necessary for the operation and improvement of our site, do not allow you to be identified personally. However, you have the option of objecting to their use.

For more information, see our privacy policy.

Authorise Refuse