The Digital Operational Resilience Act (Regulation (EU) 2022/2554), known as DORA, is a framework designed to alleviate risks for Financial Services organisations when engaging with other businesses. 

Introduced by the European Union, DORA aims to strengthen the operational resilience of financial entities and their critical service providers. DORA, together with the technical standards and guidelines developed by the European Supervisory Authorities (ESAs) in January and July 2024, has been in place and enforced since 17^th January 2025.

Intragen are offering Identity and Access Management (IAM), Privileged Access Management (PAM), Identity Governance and Administration (IGA), Customer Identity and Access Management (CIAM) solutions, and other services. Intragen shall comply with DORA’s provisions to ensure that the services provided are resilient, secure, and capable of continuing in the event of ICT-related disruptions.

Why is DORA important?

DORA helps Financial Services organisations to understand how, why and when Information and Communication Technology suppliers are using their data.

There are financial penalties for non-compliance with the DORA framework. Those penalties vary based on the severity and nature of the violation. Institutions found in breach may face fines of up to 2% of their total annual worldwide turnover or 1% of their average daily turnover worldwide.

We’re pleased to be able to offer services complying with the DORA regulations and will continue to hold ourselves accountable to the highest levels of security and operating standards.

How does working with a DORA ready business protect my organisation?

The management of ICT third-party risk is a core tenet of DORA. This ensures Financial Services organisations implement measures for the sound management of ICT risks posed by third-party service providers. We understand and value the importance of being able to provide a robust and resilient service that complies with DORA regulations. We want our clients to spend their energy ensuring they are compliant in the areas they can directly control, such as reporting, testing and auditing.

What role does IAM play in the DORA regulations?

Any ICT service falls under the regulation of DORA, IAM is a service pillar that already focuses on cyber-resiliency. Working with a partner like Intragen means you can rely on the IAM services we provide to minimise identity theft and misuse, but also that the services we provide are inherently secure and comply with the DORA regulations.

Are Intragen DORA ready?

We understand the DORA requirements and how they apply to us as a third-party ICT service provider. In fact, we’ve already been through the process with a few of our Financial Services clients to be ‘DORA ready’, enabling us to continue providing our range of IAM Services.

To ensure continued compliance with DORA and maintain operational resilience, we will conduct regular audits and ongoing evaluations of systems and associated services. These audits will include:

• Internal Reviews: Intragen will conduct regular internal audits of IAM systems, business continuity plans, and incident response procedures to ensure alignment with DORA’s evolving requirements.
• External Audits: We will engage with external auditors or consultants to verify compliance with DORA and ensure that we meet necessary standards for operational resilience.
• Continuous Monitoring: Systems are established for continuous monitoring and there is ongoing testing of IAM services to identify vulnerabilities and ensure resilience, particularly in critical systems.

Regular audits ensure that we can swiftly address any compliance gaps and maintain a high level of service continuity for our Financial Services clients.

DORA is a comprehensive regulation that significantly impacts both financial institutions and their third-party service providers, including Intragen. By understanding and complying with the key provisions outlined in the DORA framework, we can help our Financial Services clients maintain operational resilience in the face of digital disruptions. Being fully prepared for DORA not only demonstrates our commitment to regulatory compliance but also showcases professionalism and a strong focus on security and operational resilience. This proactive approach positions us as a trusted partner for financial institutions seeking to meet the highest standards of digital operational resilience.

Please get in touch with our team if you would like to discuss how Intragen can help you.