Devhd: A DORA (Digital Operational Resilience Act) compliance project cannot take less than 6 months, and companies that haven't addressed this risk failing to meet all compliance requirements by January 17, 2025, potentially losing their operating licenses or facing substantial fines.

Devhd - company specializing in innovative digital transformation solutions based on ServiceNow technology, allerts that organizations active in the financial services sector have less than 7 months until the European regulations on digital operational resilience, outlined in the Digital Operational Resilience Act (DORA), come into effect.

"A DORA compliance project cannot take less than 6 months, and companies that haven't addressed this risk failing to meet all compliance requirements by January 17, 2025, potentially losing their operating licenses or facing substantial fines. It's important to note that digital operational resilience isn't just a set of cybersecurity tests but an extensive governance program with principles, procedures, and IT solutions for automating IT and security processes," says Adrian Herdan, CEO of Devhd.

DORA regulations require financial organizations to develop capabilities for protecting, detecting, mitigating, recovering, and remediating IT&C assets in case of cyber-attacks or any incidents related to IT&C infrastructure. The new regulations cover not just banks but also insurance companies, investment firms, crypto service providers, and more.

To achieve compliance, financial service companies need to adhere to several main areas:

1. Establish a risk management framework based on key IT security policies and principles, identify important or critical IT&C services, map associated assets, third parties, and their interdependencies, and develop business continuity and incident recovery strategies.
2. Clearly define how to report incidents, as they will need to do so within 24 hours of occurrence and identify the cause of the attack within a month; also, calculate the aggregate cost of incidents.
3. Regularly test operational resilience, with mandatory tests for more financial service companies than before.
4. Ensure robust monitoring of risks stemming from dependence on third-party IT&C providers.
5. Collaborate with national and international security teams and other financial entities, sharing information about security risks, which will enhance the entire industry's operational resilience and minimize the spread of cyber threats.

"Currently, according to a ServiceNow analysis, the major challenge for financial service companies is identifying the IT&C assets they own, understanding how the technologies they use interconnect, and the involvement of third-party providers in the entire process, especially for critical IT operations and services. It's essential for companies to centralize all this information on a single platform, using technology that can integrate with all existing IT&C systems in the organization, making it easier to calculate cyber incident risk and build the risk management framework that is the cornerstone of DORA," explains Florin Daniș, Technical Architect and co-founder of Devhd.

Despite DORA regulations being public since 2022 and a 2-year preparation period, in the latter half of last year, approximately 43% of financial companies still did not know the degree of interconnection between IT&C solution providers, such as those for payment transaction authorization and authentication, IT operations, and client transactions via digital channels, which are considered the most critical, according to a Deloitte study.

To assist companies in meeting these requirements, Devhd offers comprehensive solutions through the ServiceNow platform, covering all necessary aspects to ensure operational resilience. Together with the Devhd team, organizations can develop a plan to adopt the powerful ServiceNow platform, fully addressing operational resilience needs.

Devhd believes that operational resilience is not just a solution but an outcome. Achieving this outcome largely depends on the technologies used. To successfully implement an operational resilience program, three key components are required:

• Experience – Understanding and internal leadership to drive the initiative, along with a partner who provides guidance and knowledge.
• Capacity – Individual solutions are insufficient for handling a comprehensive operational resilience program. A platform that offers all required functionalities to support the program is essential.
• Data – Quality and data access are fundamental for real-time visibility of resilience. ServiceNow stands out with its Configuration Management Database (CMDB), providing a centralized, unique source of information. ServiceNow's integrated CMDB allows for real-time monitoring and full visibility of all IT assets, interdependencies, and vulnerabilities. Without quality data, the program will not succeed.

About Devhd

Founded in 2016, Devhd is the first company in Romania to provide customized digital solutions for digital transformation via the ServiceNow platform. As a Premier ServiceNow Partner, Devhd offers design, consulting, implementation, support, and maintenance services for the entire ServiceNow platform. The company's expertise covers key areas such as IT Service Management, IT Operations Management, IT Asset Management, Strategic Portfolio Management, Customer Service Management, HR Service Delivery, hyper-automation, integrations, and client-specific training.

With over 10 years of experience on the NOW Platform, Devhd's team of consultants ensures comprehensive technical governance for end-to-end projects, guaranteeing flawless execution. For more information about Devhd, visit www.dev-hd.com or contact the company via email at office@dev-hd.com.

About ServiceNow

ServiceNow (NYSE: NOW) makes the world work better. ServiceNow's cloud-based platform and solutions help digitize and unify organizations, enabling them to find smarter, faster, and better ways to manage workflows. As a result, employees and customers can be more connected, innovative, and agile. Together, we can create the future we envision. The world works with ServiceNow™. For more information, visit www.servicenow.com.