EY logo

EY

Financial Services Ireland

EY Solutions

Digital Operational Resilience Act (DORA)


David SpollenDirector, Technology Risk
Read more

Strengthening Financial Services Resilience

With increasing digital threats and operational risks, the Digital Operational Resilience Act (DORA) is a key regulatory framework ensuring that financial services firms across the EU maintain a high level of digital resilience. Effective from 17 January 2025, DORA introduces a harmonised approach to ICT risk management, incident reporting, and oversight of third-party providers.

Financial services organisations must now take a proactive stance to protect against cyber threats, operational failures, and third-party vulnerabilities. This requires embedding digital resilience into the core of business strategies, balancing regulatory compliance with innovation and growth.

Preparing for Compliance

Firms across Ireland and Europe are at different stages of DORA readiness. Some have well-defined implementation plans, while others are still conducting gap analyses. Given the strict regulatory enforcement and potential fines of up to 2% of global turnover, firms must ensure they are on track.

  • Minimum Mandatory Compliance: By January 2025, all financial entities must have a Board-approved ICT Risk Management Framework, incident classification and reporting processes, and a Register of Information (RoI) in place.
  • Operational Maturity (2026+): Moving beyond compliance, firms should integrate automation, AI-driven monitoring, and long-term resilience strategies.


Why Work with EY?

EY brings deep expertise in financial services resilience, helping firms navigate the regulatory demands of the Digital Operational Resilience Act (DORA). Our teams have extensive experience supporting organisations with ICT risk management, cyber security, and third-party oversight, ensuring compliance while driving long-term digital resilience. Leveraging insights from global regulatory frameworks, we offer practical strategies tailored to your business. Whether you’re conducting a gap analysis or integrating automation and AI-driven monitoring, EY’s specialists work alongside your teams to strengthen resilience and safeguard your operations.

  • DORA Transformation (new entrants)
  • DORA Testing Programme Design & Implementation (including DOR testing support)
  • Process Design & Policy, Procedure Development
  • Provide ongoing SMR support and program assurance
  • RMP Remediation Support
  • Preparation for On-Site Inspections
  • Annual ICT Risk Management Framework Review
  • CIFs Identification & Mapping to Processes, Assets, Third Parties
  • Conduct a gap analysis, leveraging our EMEIA DORA assessment tool, to help identify gaps and course corrections.
  • Design a roadmap to operationalise with action orientated next steps to set the project up for success.
  • Identify integration points across your related capabilities to help address the requirements.
  • Design a DORA Strategy (3-Year Plan)
  • Design a Target Operating Model (TOM)
  • Review of the Op Model to ensure it aligns with DORA demands
  • Development of Target Op Model
  • Conduct a capability assessment
  • Support on preparing a Register of Information (RoI)
  • Excel to csv conversion for reporting
  • Independent review of the ROI
  • Support in populating ROI
  • Third Party Management Framework development/uplift
  • Design, implement and provide ongoing support for the DORA requirements using the ServiceNow platform.
  • Cyber Support (TLPT, Network Segmentation, Security Architecture).
  • IT Asset Inventory / CMDB Support
  • Development of Register of Information.
  • Conduct a tooling assessment.
  • Conduct a maturity assessment, leveraging our EMEIA maturity assessment tool, to help assess maturity against DORA requirements and identify course corrections.
  • Conduct an independent assessment of the DORA programme to assess the effectiveness of the programme.
  • Provide training to financial entities Board, providing an overview of DORA and the relevant requirements, focusing specifically on the roles and responsibilities of the Board.
  • Provision of DORA aligned contractual templates
  • Support in updating existing ICT contracts.
  • Conduct Audits of ICT Third-Party Service Providers
  • Conduct Audit of ICT RMF
David SpollenDirector, Technology Risk

Contact Us

Talk to us today about how are EY teams can help your business succeed in your technology transformation journey.


Contact us
Toggle Sticky Nav

Related Content

DORA – Now, Next and Beyond Read More
ESAs workshop on DORA Read More
DORA CBI Event Read More
DORA Roundtable – 26 September 2024: Summary of Key Updates Read More
DORA: What financial firms need to think about as we move closer to January 2025 Read More
Why Irish CFOs must embrace the winds of change in sustainability and AI Read More

Load More