The EU’s Digital Operational Resilience Act (DORA 2022/2554) regulates financial entities through contractual requirements with technology providers, including cybersecurity.
As an Information and Communication Technology (ICT) provider, Sophos supports EU Financial Entities under DORA through Article 30 requirements, such as:
- Including standard contractual terms in agreements where DORA is relevant.
- Meeting, and in many cases exceeding, DORA requirements with data protection, security controls, a clear risk management framework, vulnerability and patch management, and agreed service levels.
- Maintaining a comprehensive incident response plan, a business continuity plan, internal training, and transition strategies when needed.
- Supporting Financial Entities with SSAE 18 SOC2 and ISO 27007 standards, Sophos’ most recent SOC2 and ISO 27001 reports, and reasonable requests to evidence compliance.
Download the Sophos whitepaper.
See Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA).
Contact your Sales Representative for more information about how Sophos supports Financial Entities that are meeting their regulatory requirements under DORA.