Our latest whitepaper is a comprehensive guide which outlines how financial services companies can prepare for the incoming Digital Operational Resilience Act (DORA).

The whitepaper explores DORA in detail, and includes:

  • An introduction to the broad scope of, and rationale behind, DORA, as well as the timelines for implementation;
  • An exploration of the central requirement of DORA: the creation of a risk management framework for digital risk;
  • An examination of the contract remediation workstream that will be required, and;
  • A review of the impact of DORA on the technology companies that supply ICT service to financial entities.

The excerpt below is from Section Two of the whitepaper “How to create a risk management framework – Step 2 Perform a gap analysis.”

How to create a risk management framework – Step 2 Perform a gap analysis

A number of requirements in DORA will be familiar to financial entities and some will stand as effective compliance with DORA. Others bear a similarity which is more helpful than conclusive, requiring further steps to be taken before a requirement currently being met satisfies the requirements of DORA.

This variance likely requires a gap analysis if the aim is to map the new regulations with the current ones, but this will potentially require significant effort.

An initial review should consider two questions as a first step in determining whether existing regulations can form the basis of DORA compliance:

  1. Subject matter: Is the subject matter of the current regulations sufficiently similar to DORA?
  2. Scope: Is the scope of the current regulations sufficiently similar to DORA?

Contract negotiation – comparing existing contracts to DORA requirements

Source: Section Two: How to create a risk management framework – Step 2 Perform a gap analysis. From the Johnson Hana whitepaper.

You can download the whitepaper here:

How to prepare for the Digital Operational Resilience Act

About Johnson Hana

Johnson Hana is Ireland’s leading alternative legal solutions provider. That means we disaggregate legal advisory and legal process work, and focus on the latter.

We offer:

Legal Process Outsourcing – whereby a specific legal process is carved out and outsourced to us

Legal Process Secondments – to augment a busy legal team or fulfil a temporary requirement for an experienced legal professional.

Historically, legal advisory and legal process work were tackled and billed in the same way. This means that all legal work has been as costly and time consuming as legal advice.

It doesn’t need to be.

We deliver legal process work through a combination of innovative legal technologies, robust project management methodologies, and expert lawyers. This approach reduces client legal spend by over 50%, while also providing totally transparent reporting and billing. This leaves our clients free to focus on the strategic, advisory work that really adds value.

Want to know more?