{"id":40990,"date":"2024-05-24T12:03:33","date_gmt":"2024-05-24T19:03:33","guid":{"rendered":"https:\/\/zpesystems.com\/?p=40990"},"modified":"2025-01-24T08:02:52","modified_gmt":"2025-01-24T16:02:52","slug":"dora-compliance-zs","status":"publish","type":"post","link":"https:\/\/zpesystems.com\/dora-compliance-zs\/","title":{"rendered":"DORA Compliance &#038; Requirements"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; custom_margin=&#8221;0px||0px||false|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; width=&#8221;100%&#8221; custom_margin=&#8221;0px||||false|false&#8221; custom_padding=&#8221;0px||||false|false&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_image src=&#8221;https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg&#8221; alt=&#8221;A map of the EU with the words DORA Digital Operation Resilience Act.&#8221; title_text=&#8221;A map of the EU with the words DORA Digital Operation Resilience Act.&#8221; admin_label=&#8221;Image&#8221; _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p>The European Union\u2019s Digital Operational Resilience Act (DORA) creates a regulatory framework for information and communication technology (ICT) risk management and network resilience. It entered into EU law on 16 January 2023 and took effect on 17 January 2025, applying to any firm operating within the European financial sector. This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.<\/p>\n<p><i>Citation: <\/i><a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32022R2554&amp;from=FR\"><i>Digital Operational Resilience Act (DORA)<\/i><\/a><\/p>\n<div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"center\">\n<table style=\"width: 468pt; border: none; border-collapse: collapse; table-layout: fixed;\" border=\"1pt solid rgb(0, 0, 0)\" cellpadding=\"5pt\">\n<colgroup>\n<col \/> <\/colgroup>\n<tbody>\n<tr style=\"height: 0pt;\">\n<td style=\"vertical-align: top; background-color: #214c64; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\">\n<p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><strong style=\"background-color: transparent; color: #ffffff; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Table of Contents<\/strong><\/p>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt;\">\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\">\n<ol>\n<li><a href=\"#1\">Which organizations does DORA affect, and what are the consequences of non-compliance?<\/a><\/li>\n<li><a href=\"#2\">What are DORA\u2019s technical requirements?<\/a><\/li>\n<li><a href=\"#3\">Best practices for DORA compliance<\/a><\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2 id=\"1\">Which organizations does DORA affect, and what are the consequences of non-compliance?<\/h2>\n<p>DORA applies to financial entities operating in the European Union, including:<\/p>\n<ul>\n<li><b>Financial services<\/b><\/li>\n<li><b>Payment institutions<\/b><\/li>\n<li><b>Crypto-asset service providers<\/b><\/li>\n<li><b>Crowdfunding service providers<\/b><\/li>\n<li><b>Investment firms<\/b><\/li>\n<li><b>Insurance companies<\/b><\/li>\n<li><b>Data analytics and audit services<\/b><\/li>\n<li><b>Fintech companies<\/b><\/li>\n<li><b>Trading venues<\/b><\/li>\n<li><b>Credit institutions<\/b><\/li>\n<li><b>Credit rating agencies<\/b><\/li>\n<\/ul>\n<p>Crucially, DORA also applies to <b>third-party digital service providers<\/b> that work with financial institutions, such as colocation data centers and cloud service providers.<\/p>\n<p>Once DORA takes effect, each EU state will designate \u201ccompetent authorities\u201d to enforce compliance. Each state determines its own penalties, but potential consequences for non-compliance include fines, remediation, and withdrawal of DORA authorization.<\/p>\n<p>ICT service providers (such as cloud vendors) labeled \u201ccritical\u201d by the European Commission face additional oversight and non-compliance penalties, including fines of up to 1% of the provider\u2019s average daily worldwide turnover the previous business year. Overseers can levy fines on a provider every day for up to six months until compliance requirements are met. These steep penalties make it essential for service providers to ensure their systems and processes are DORA-compliant.<\/p>\n<h2 id=\"2\">What are DORA\u2019s technical requirements?<\/h2>\n<p>[\/et_pb_text][et_pb_code _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<div  dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\"><!-- [et_pb_line_break_holder] --><\/p>\n<table style=\"border: none; border-collapse: collapse; table-layout: fixed; width: 100%;\"> <!-- [et_pb_line_break_holder] --><\/p>\n<tbody><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #214c64; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #ffffff; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">DORA Requirement<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #214c64; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #ffffff; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Description<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #214c64; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #ffffff; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Technical Best Practices<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#4\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">ICT risk management<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Financial institutions must develop a comprehensive ICT risk management framework containing strategies and tools for business resilience, recovery, and communication.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Control\/data plane separation<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Isolated recovery environments<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#5\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">ICT third-party risk management<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 10pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Financial organizations in the EU must manage the risk of working with third-party vendors to prevent supply chain attacks.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Automated patch management<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 AIOps security monitoring<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#6\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">Digital operational resilience testing<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Financial entities must establish a resilience testing program to validate their security defenses, backups, redundancies, and recovery systems every year.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Control\/data plane separation<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Alternative networking, compute, and storage<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 Automated provisioning and recovery tools<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#7\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">ICT-related incident management<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 10pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Financial firms must submit a root cause report within one month of a major incident.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 AIOps anomaly detection<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 AIOps incident management<\/span><\/pee><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 12pt; margin-bottom: 12pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u2022 AIOps root-cause analysis (RCA)<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#8\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">Information sharing<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">DORA encourages financial institutions to share cyber threat information within the community to help raise awareness and mitigate risks.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Using logs and analyses from technology solutions like UEBA and AIOps.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><a style=\"text-decoration: none;\" href=\"#9\"><span style=\"font-size: 11pt;   font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">Oversight of critical third-party providers<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Digital service providers deemed \u201ccritical\u201d must follow the same compliance rules as the financial institutions they work with.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt;  color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">All of the above.<\/span><\/pee><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><\/tbody>\n<p><!-- [et_pb_line_break_holder] --><\/table>\n<p><!-- [et_pb_line_break_holder] --><\/div>\n<p>[\/et_pb_code][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||||||||&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3 id=\"4\">ICT risk management<\/h3>\n<p>DORA requires financial institutions to develop a comprehensive ICT risk management framework containing strategies and tools for business resilience, recovery, and communication. In addition to written policies and documented procedures, financial entities must implement technology such as security hardware and software, <a href=\"https:\/\/zpesystems.com\/network-resilience-vs-redundancy-zs\/\">redundancies and backups<\/a>, and <a href=\"https:\/\/zpesystems.com\/network-resilience-zs\/\">resilience systems<\/a>. Best practices for DORA-compliant risk management technologies include:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"#10\">Control plane\/data plane separation<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#11\">Isolated recovery environments<\/a><\/li>\n<\/ul>\n<h3 id=\"5\">ICT third-party risk management<\/h3>\n<p>Financial organisations in the EU must manage the risk of working with third-party vendors to prevent supply chain attacks such as the <a href=\"https:\/\/zpesystems.com\/the-biggest-ransomware-attack-you-havent-heard-of-yet\/\">MOVEit breach<\/a>. ICT third-party risk management (TPRM) involves performing vendor due diligence to validate compliance with security standards and ensuring contractual provisions are in place to hold vendors accountable for security failures. On the technical side, financial entities should implement security policies and controls to limit third-party access and use monitoring tools that detect vulnerabilities, apply patches, and identify suspicious account behavior. Best practices for DORA-compliant TPRM technologies include:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"#12\">Automated patch management<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#13\">AIOps security monitoring<\/a><\/li>\n<\/ul>\n<h3 id=\"6\">Digital operational resilience testing<\/h3>\n<p>DORA requires financial entities to establish a resilience testing program to validate their security defenses, backups, redundancies, and recovery systems once per year. Examples of resilience tests include vulnerability scans, network security assessments, open-source software analyses, physical security reviews, penetration testing, and source code reviews. Financial entities deemed \u201ccritical,\u201d as well as their critical ICT providers, must also undergo threat-led penetration testing (TLPT) every three years. DORA stipulates that these tests be performed by independent parties, though they can be internal so long as the organization takes steps to eliminate any conflict of interest. Technical best practices include:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"#10\">Control plane\/data plane separation<\/a><\/li>\n<\/ul>\n<h3 id=\"7\">ICT incident reporting<\/h3>\n<p>DORA streamlines and consolidates the incident reporting requirements that are currently fragmented across EU states. The takeaway from this section is a requirement for financial firms to submit a root cause report within one month of a major incident. Technical best practices for meeting this requirement involve using <a href=\"https:\/\/zpesystems.com\/using-aiops-and-machine-learning-to-manage-automated-network-infrastructure-zs\/\">AIOps<\/a> for:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"#13\">Anomaly detection<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#13\">Incident management<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#13\">Root-cause analysis (RCA)<\/a><\/li>\n<\/ul>\n<h3 id=\"8\">Information sharing<\/h3>\n<p>This is less of a requirement than a suggestion, but DORA both allows and encourages financial institutions to share cyber threat information within the community to help raise awareness and mitigate risks. Best practices involve using (anonymized) logs from some of the technologies mentioned above, such as UEBA and AIOps.<\/p>\n<h3 id=\"9\">Oversight of critical third-party providers<\/h3>\n<p>DORA requires \u201ccritical\u201d digital service providers to follow the same compliance rules as the financial institutions they work with. Regulators may deem a provider critical if a large number of financial entities rely on them for business continuity or if they are difficult to replace\/substitute when a failure occurs. Any cloud vendors, colocation data centers, or other <a href=\"https:\/\/zpesystems.com\/data-center-orchestration-with-gen-3-oob-for-digital-services-providers-zs\/\">digital service providers<\/a> working in the EU\u2019s financial sector should prepare for DORA by implementing:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"#17\">Control\/data plane separation<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#11\">Isolated recovery environments<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#12\">Automated patch management<\/a><\/li>\n<li aria-level=\"1\"><a href=\"#13\">AIOps<\/a><\/li>\n<\/ul>\n<h2 id=\"3\">Best practices for DORA compliance<\/h2>\n<p>Some of the technologies that can help simplify DORA compliance for financial institutions and critical service providers include:<\/p>\n<h3 id=\"17\">Control\/data plane separation<\/h3>\n<p>Separating the data plane (i.e., production network traffic) from the control plane (i.e., management and troubleshooting traffic) simplifies DORA compliance in two key ways:<\/p>\n<ol>\n<li aria-level=\"1\">It isolates the management interfaces used to control ICT systems, making them inaccessible to malicious actors who breach the production network and aiding in resilience.<\/li>\n<li aria-level=\"1\">It prevents resource-intensive automation, security monitoring, and resilience testing workflows from affecting the speed or availability of the production network.<\/li>\n<\/ol>\n<p>The best practice for control and data plane separation is to use <a href=\"https:\/\/zpesystems.com\/solutions\/remote-network-management\/out-of-band-serial-console-zs\/\">Gen 3 out-of-band (OOB) serial consoles<\/a>, such as the Nodegrid product line from ZPE Systems. Gen 3 OOB provides a dedicated network for management traffic that doesn\u2019t depend on production network resources, ensuring remote teams always have access, even during outages or ransomware attacks. It\u2019s also vendor-neutral, allowing administrators to deploy third-party monitoring, automation, security, troubleshooting, and testing tools on the isolated control plane. <a href=\"https:\/\/zpesystems.com\/solving-remote-it-infrastructure-management-challenges-with-gen-3-out-of-band-zs\/\">Gen 3 OOB<\/a> helps financial institutions and ICT service providers meet resilience and testing requirements cost-effectively.<\/p>\n<h3 id=\"11\">Isolated recovery environments<\/h3>\n<p>Ransomware continues to be one of the biggest threats to resilience, with ransomware cases<a href=\"https:\/\/www.sans.org\/blog\/ransomware-cases-increased-greatly-in-2023\/\"> increasing by 73%<\/a> in 2023 despite heightened awareness and additional cybersecurity spending. Preventing an attack may be nearly impossible, and full recovery often takes weeks due to the high rate of reinfection. The best way to reduce recovery time and meet DORA resilience requirements is with an<a href=\"https:\/\/zpesystems.com\/build-an-isolated-recovery-environment-zs\/\"> isolated recovery environment (IRE)<\/a> that\u2019s fully separated from the production infrastructure.<\/p>\n<p><a href=\"https:\/\/zpesystems.com\/build-an-isolated-recovery-environment-zs\/\"><img decoding=\"async\" class=\"aligncenter wp-image-38383 size-full\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2023\/11\/3Building-an-Isolated-Recovery-Environment.jpg\" alt=\"A diagram showing the components of an isolated recovery environment.\" width=\"789\" height=\"609\" srcset=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2023\/11\/3Building-an-Isolated-Recovery-Environment.jpg 789w, https:\/\/zpesystems.com\/wp-content\/uploads\/2023\/11\/3Building-an-Isolated-Recovery-Environment-480x370.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 789px, 100vw\" \/><\/a><\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||||||||&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p>An IRE contains systems dedicated to recovering from ransomware and other breaches, where teams can rebuild and restore applications, data, and other resources before deploying them back to the production network. It uses designated network infrastructure that\u2019s completely separate from the production environment to mitigate the risk of malware reinfection. It also contains technologies like Retention Lock, role-based access control, and <a href=\"https:\/\/zpesystems.com\/defining-oob-network-and-oob-management\/\">out-of-band management<\/a> so teams can quickly and safely recover critical services and reduce DORA penalties.<\/p>\n<h3 id=\"12\">Automated patch management<\/h3>\n<p>Cybercriminals often breach networks by exploiting known vulnerabilities in outdated software and firmware, as happened with <a href=\"https:\/\/zpesystems.com\/breaking-down-the-2023-ragnar-locker-cyberattacks\/\">2023\u2019s Ragnar Locker attacks<\/a>. For large financial institutions and critical ICT providers, manually tracking and installing patches for all the third-party hardware and software used across the organization is too difficult and time-consuming, leaving potential vulnerabilities exposed for years. The best practice for meeting DORA\u2019s third-party risk management requirement is to use an automated, vendor-agnostic patch management solution.<\/p>\n<p>Automatic patch management tools discover all the software and devices used by the organization, monitor for known exploited vulnerabilities, and notify teams when vendors release updates. They centralize patch management for the entire network to simplify TPRM and aid in DORA compliance.<\/p>\n<h3 id=\"13\">AIOps<\/h3>\n<p>AIOps uses artificial intelligence technology to automate and streamline IT operations. AIOps collects and analyses all the data generated by IT infrastructure, applications, monitoring tools, and security solutions to help identify significant events and make \u201cintelligent\u201d recommendations. AIOps helps with DORA compliance by providing:<\/p>\n<ul>\n<li aria-level=\"1\"><b>Anomaly detection<\/b> \u2013 Artificial intelligence analyses logs and detects outlier data points that could indicate an in-progress data breach or other problematic event.<\/li>\n<li aria-level=\"1\"><b>Incident management<\/b> \u2013 AIOps automatically generates, triages, and assigns service desk tickets to the appropriate team for resolution, significantly accelerating incident response.<\/li>\n<li aria-level=\"1\"><b>Root-cause analysis<\/b> \u2013 AIOps combs through all the relevant logs to determine the most likely cause of adverse events, making it easier to meet DORA\u2019s root-cause reporting requirements.<\/li>\n<\/ul>\n<h2>How ZPE streamlines DORA compliance<\/h2>\n<p>The Nodegrid out-of-band management platform from ZPE Systems helps <a href=\"https:\/\/zpesystems.com\/solutions\/network-security-in-financial-services-zs\/\">financial institutions<\/a> and <a href=\"https:\/\/zpesystems.com\/service-provider-network-infrastructure-solutions-zs\/\">critical service providers<\/a> meet DORA resilience requirements without increasing network complexity. Vendor-neutral <a href=\"https:\/\/zpesystems.com\/products\/data-center-solutions\/\">Nodegrid serial consoles<\/a> and <a href=\"https:\/\/zpesystems.com\/products\/branch-solutions\/\">integrated edge services routers<\/a> deliver control plane isolation, centralized infrastructure patch management, and Guest OS\/container hosting for third-party security, recovery, and AIOps tools. The Nodegrid platform provides a secure foundation for an isolated recovery environment that contains all the technology needed to get services back online and stay DORA compliant.<\/p>\n<p><b>Download our 3 Steps to Ransomware Recovery whitepaper to learn how to improve network resilience with Nodegrid.<\/b><br \/><a class=\"HSSTYLEDCTA\" href=\"https:\/\/zpesystems.com\/resources\/media-library\/ebooks-whitepapers\/3-steps-to-ransomware-recovery\/\">Download the Whitepaper<\/a><\/p>\n<p><b>See how Nodegrid helped one of the EU&#8217;s largest banks meet modern security and compliance requirements.<\/b><br \/><a class=\"HSSTYLEDCTA\" href=\"https:\/\/go.zpesystems.com\/rs\/004-BTR-463\/images\/Case-Study-Investing-in%20-Out-of-Band-Management-to-Reduce-Risks.pdf\">Read the case study<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][et_pb_text admin_label=&#8221;CTA&#8221; _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; text_text_color=&#8221;#FFFFFF&#8221; background_color=&#8221;#358AAF&#8221; custom_margin=&#8221;||||true|false&#8221; custom_padding=&#8221;30px|30px|30px|30px|true|true&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2><strong>Looking to replace your discontinued, EOL serial console with a Gen 3 out-of-band solution?<br \/><\/strong><\/h2>\n<p><b>Looking to replace your discontinued, EOL serial console with a Gen 3 out-of-band solution? Nodegrid can expand your capabilities and manage your existing solutions from other vendors.<\/b><\/p>\n<p><a class=\"HSSTYLEDCTA\" href=\"https:\/\/zpesystems.com\/replace-discontinued-console-servers-with-zpe-systems-complete-products-services-solution\/\">Click here to learn more!<\/a><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.<\/p>\n","protected":false},"author":5,"featured_media":40992,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"categories":[74,102,86,93,82,99,85,96,100,90],"tags":[],"class_list":["post-40990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-hosting","category-increase-productivity","category-modernize-legacy-environments","category-network-automation","category-out-of-band-management","category-remote-network-management","category-sd-branch","category-sd-wan","category-streamline-deployments","category-vendor-neutral-platform"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v26.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DORA Compliance &amp; Requirements - ZPE Systems<\/title>\n<meta name=\"description\" content=\"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zpesystems.com\/dora-compliance-zs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DORA Compliance &amp; Requirements\" \/>\n<meta property=\"og:description\" content=\"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zpesystems.com\/dora-compliance-zs\/\" \/>\n<meta property=\"og:site_name\" content=\"ZPE Systems\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-24T19:03:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-24T16:02:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1620\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jordan Baker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jordan Baker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/\",\"url\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/\",\"name\":\"DORA Compliance & Requirements - ZPE Systems\",\"isPartOf\":{\"@id\":\"https:\/\/zpesystems.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg\",\"datePublished\":\"2024-05-24T19:03:33+00:00\",\"dateModified\":\"2025-01-24T16:02:52+00:00\",\"author\":{\"@id\":\"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567\"},\"description\":\"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.\",\"breadcrumb\":{\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/zpesystems.com\/dora-compliance-zs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage\",\"url\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg\",\"contentUrl\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg\",\"width\":1620,\"height\":1080,\"caption\":\"A map of the EU with the words DORA: Digital Operation Resilience Act.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/zpesystems.com\/dora-compliance-zs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/zpesystems.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DORA Compliance &#038; Requirements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/zpesystems.com\/#website\",\"url\":\"https:\/\/zpesystems.com\/\",\"name\":\"ZPE Systems\",\"description\":\"Rethink the Way Networks are Built and Managed\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/zpesystems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567\",\"name\":\"Jordan Baker\",\"url\":\"https:\/\/zpesystems.com\/author\/jordan\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DORA Compliance & Requirements - ZPE Systems","description":"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zpesystems.com\/dora-compliance-zs\/","og_locale":"en_US","og_type":"article","og_title":"DORA Compliance & Requirements","og_description":"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.","og_url":"https:\/\/zpesystems.com\/dora-compliance-zs\/","og_site_name":"ZPE Systems","article_published_time":"2024-05-24T19:03:33+00:00","article_modified_time":"2025-01-24T16:02:52+00:00","og_image":[{"width":1620,"height":1080,"url":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg","type":"image\/jpeg"}],"author":"Jordan Baker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jordan Baker","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/","url":"https:\/\/zpesystems.com\/dora-compliance-zs\/","name":"DORA Compliance & Requirements - ZPE Systems","isPartOf":{"@id":"https:\/\/zpesystems.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage"},"image":{"@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage"},"thumbnailUrl":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg","datePublished":"2024-05-24T19:03:33+00:00","dateModified":"2025-01-24T16:02:52+00:00","author":{"@id":"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567"},"description":"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.","breadcrumb":{"@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zpesystems.com\/dora-compliance-zs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/#primaryimage","url":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg","contentUrl":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg","width":1620,"height":1080,"caption":"A map of the EU with the words DORA: Digital Operation Resilience Act."},{"@type":"BreadcrumbList","@id":"https:\/\/zpesystems.com\/dora-compliance-zs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zpesystems.com\/"},{"@type":"ListItem","position":2,"name":"DORA Compliance &#038; Requirements"}]},{"@type":"WebSite","@id":"https:\/\/zpesystems.com\/#website","url":"https:\/\/zpesystems.com\/","name":"ZPE Systems","description":"Rethink the Way Networks are Built and Managed","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zpesystems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567","name":"Jordan Baker","url":"https:\/\/zpesystems.com\/author\/jordan\/"}]}},"rttpg_featured_image_url":{"full":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg",1620,1080,false],"landscape":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg",1620,1080,false],"portraits":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-scaled.jpg",1620,1080,false],"thumbnail":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-150x150.jpg",150,150,true],"medium":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-300x200.jpg",300,200,true],"large":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-2048x1365.jpg",2048,1365,true],"et-pb-post-main-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-400x250.jpg",400,250,true],"et-pb-post-main-image-fullwidth":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-1080x675.jpg",1080,675,true],"et-pb-portfolio-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-400x284.jpg",400,284,true],"et-pb-portfolio-module-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-510x382.jpg",510,382,true],"et-pb-portfolio-image-single":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-1080x720.jpg",1080,720,true],"et-pb-gallery-module-image-portrait":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-400x516.jpg",400,516,true],"et-pb-post-main-image-fullwidth-large":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-2880x1800.jpg",2880,1800,true],"et-pb-image--responsive--desktop":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-1280x853.jpg",1080,720,true],"et-pb-image--responsive--tablet":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-980x653.jpg",827,551,true],"et-pb-image--responsive--phone":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/A-map-of-the-EU-with-the-words-DORA-Digital-Operation-Resilience-Act-480x320.jpg",405,270,true]},"rttpg_author":{"display_name":"Jordan Baker","author_link":"https:\/\/zpesystems.com\/author\/jordan\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/zpesystems.com\/category\/application-hosting\/\" rel=\"category tag\">Application Hosting<\/a> <a href=\"https:\/\/zpesystems.com\/category\/increase-productivity\/\" rel=\"category tag\">Increase Productivity<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/modernize-legacy-environments\/\" rel=\"category tag\">Modernize Legacy Environments<\/a> <a href=\"https:\/\/zpesystems.com\/category\/increase-productivity\/network-automation\/\" rel=\"category tag\">Network Automation<\/a> <a href=\"https:\/\/zpesystems.com\/category\/remote-network-management\/out-of-band-management\/\" rel=\"category tag\">Out of Band Management<\/a> <a href=\"https:\/\/zpesystems.com\/category\/remote-network-management\/\" rel=\"category tag\">Remote Network Management<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/sd-branch\/\" rel=\"category tag\">SD-Branch<\/a> <a href=\"https:\/\/zpesystems.com\/category\/improve-network-security\/sd-wan\/\" rel=\"category tag\">SD-WAN<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/\" rel=\"category tag\">Streamline Deployments<\/a> <a href=\"https:\/\/zpesystems.com\/category\/simplify-branch-infrastructure\/vendor-neutral-platform\/\" rel=\"category tag\">Vendor Neutral Platform<\/a>","rttpg_excerpt":"This guide outlines the technical requirements for DORA compliance and provides tips and best practices to streamline implementation.","_links":{"self":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/40990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/comments?post=40990"}],"version-history":[{"count":10,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/40990\/revisions"}],"predecessor-version":[{"id":227737,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/40990\/revisions\/227737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/media\/40992"}],"wp:attachment":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/media?parent=40990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/categories?post=40990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/tags?post=40990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}