DOReAdy

Discover what DOReAdy is all about with this 32 seconds’ video.

  • Retrieve all Strategy-related elements from the DORA regulation, under four main themes:

    - scope identification

    - requested decisions

    - requested controls

    - audit preparation

  • Retrieve all Risk-related elements from the DORA regulation, under four main themes:

    - assessment

    - monitoring

    - testing

    - audit preparation

  • Retrieve all Legal-related elements from the DORA regulation, under three main themes:

    - pre-contractualization

    - during contract

    - termination

IN A NUTSHELL…

“DOReAdy” ALLOWS YOU TO:

FOR FINANCIAL INSTITUTIONS UNDER THE SCOPE OF THE DIGITAL OPERATIONAL RESILIENCE ACT AND FOR CONSULTING COMPANIES POSITIONING CONSULTANTS ON DORA PROJECTS:

  • Concerning “DORA compliance” internal projects, DOReAdy provides you with a mapping of the DORA text in order to easily identify:

    • the Strategic-related categories to address

    • the Risk-related categories to address

    • the Legal-related categories to address

    • For all the above:

      • the identification numbers of the associated DOReAdy items

      • the exact words from the DORA text associated with each DOReAdy item

FOR FINANCIAL INSTITUTIONS UNDER THE SCOPE OF THE DIGITAL OPERATIONAL RESILIENCE ACT:

  • For preparation of DORA audits, in addition to the above, DOReAdy provides you with:

    • additional Strategic and Risk-related compliance guidelines for :

      • wording adaptation with the auditors

      • priority matrix followed by auditors

"ONE LOOK IS WORTH A THOUSAND WORDS" (FRED R. BARNARD)

* * *

"ONE LOOK IS WORTH A THOUSAND WORDS" (FRED R. BARNARD) * * *

Example from the DOReAdy Methodology Matrix

Here is an example of the “Testing” category related to Risk. The Testing category contains multiple themes, including one called “Framework”, which contains the greatest number of DOReAdy items and is consequently the most important theme to implement. The DOReAdy item #119 is listed under this “Framework” theme.

Now using the mapping table, you can easily retrieve the DOReAdy item #119, the associated exact words from the DORA text, as well as be able to retrieve the chapter, article, and paragraph where these words are located in the text.

FAQ

  • The DOReAdy Methodology Matrix facilitates :

    • the DORA compliance projects by :

      • offering the overview of the themes to be addressed by Strategy, Risk Management, and Legal teams

      • sharing the themes’ priorities according to the overview of the themes with the most DOReAdy items

      • using the exact words of the DORA text durihg each theme’s implementation

      • mapping the DOReAdy items with the exact words and localization in the DORA text

    • the preparation and the compliance of DORA audits by :

      • adapting speeches with the auditors through the use of the exact words from the DORA text

      • offering the overview of the additional themes that will be investigated by auditors on Strategy and Risk Management

      • sharing the additional themes’ priorities according to the overview of the themes with the most DOReAdy items for Audit Preparation

  • Once you subscribe to this service, you will have a secured access to the overview and analysis of the content of the DORA text. This overview and analysis is composed of “DOReAdy items” that refer to specific items of the DORA text.

     In parallel, the excel file with the DOReAdy items’ mapping to the DORA text is sent to the email address you used to subscribe, through a secured link. This excel file enables you to locate each item to their exact chapter, article, and paragraph in the DORA regulation.

    The DOReAdy items’ mapping with the DORA text is an Excel file that is automatically sent to you through a secured link when you subscribe and after you agree on the Terms & Conditions.

    In case you missed our email with the link to our Terms and conditions, you can also find it here.

  • You can reuse this tool with your other clients. However, please remember from the Terms & Conditions you agreed upon during subscription that DOReAdy is a registered trademark, and that:

    • you should clearly express that the DOReAdy Methodology Matrix and its content are the ownership of CYBERSEC AT HAND

    • you cannot adapt the DOReAdy tool in order to present the adapted version as being your own

    • the people in your organizaion are well aware of the two above points

  • CYBERSEC AT HAND can directly provide consultants to work on DORA projects, but if nobody is available on our side, we partner with multiple consulting companies throughout Europe that use the DOReAdy Methodology Matrix for their clients’ compliance projects on DORA.

    Consulting companies that are already involved in your DORA compliance projects can also subscribe to DOReAdy in order to use the DOReAdy Methodology Matrix a a guiding and facilitating tool.

  • Inside each category, the DOReAdy items in dark purple are specific to only one theme in this category. The DOReAdy items in light purple are shared with more than one theme in this category.

"EITHER WRITE SOMETHING WORTH READING, OR DO SOMETHING WORTH WRITING" (BENJAMIN FRANKLIN)

* * *

"EITHER WRITE SOMETHING WORTH READING, OR DO SOMETHING WORTH WRITING" (BENJAMIN FRANKLIN) * * *

PUBLISHED CYBERSEC AT HAND’s CONSULTATION FOR GOVERNMENTAL ORGANIZATIONS

The linked document is a public consultation by the European Supervisory Authorities in which CYBERSEC AT HAND participated regarding the second batch of the Digital Operational Resilience Act (DORA)’s RTS and ITS. It addresses the following:

  • the content of the notification and reports for major incidents and significant cyber threats

  • determining the time limits for reporting major incidents

  • the standard forms, templates and procedures for financial entities to report a major incident

  • the standard forms, templates and procedures for financial entities to notify a significant cyber threat