The biggest challenges
The authors of the study attributed this in part to the late publication of the technical standards, in addition to the extensive detail of the regulations. According to the German Association of Insurers (GDV), some technical details of DORA remain unclear, in particular concerning management of third-party risks. Under DORA, financial companies must manage both internal information and communication technology (ICT) risks and risks from third-party providers and their subcontractors.
“For contract management with service providers, the outstanding specifications for subcontracting must be finalized quickly,” says Jörg Asmussen, general manager of the GDV.
Ron Kneffel, chairman of the board of the CISO Alliance, also confirmed to CSO that many companies have not yet completed the necessary measures to be fully DORA compliant. “The biggest hurdles continue to be renegotiating existing contracts with IT service providers and partners, as well as creating and maintaining detailed information registers,” Kneffel explains.