
EU DORA: A new opportunity for Site Reliability Engineers

The EU Digital Operational Resilience Act (DORA) is a new regulation that aims to strengthen the resilience of the financial sector to information and computer technology (ICT) related risks. It applies to all financial services organisations within the EU, including banks, insurance companies, investment firms and payment institutions. It also includes any global companies that collaborate with financial institutions within the EU.  

DORA sets out several requirements for financial services organisations; for example, financial services organisations must establish a comprehensive ICT risk management framework, implement incident reporting and management procedures, conduct regular operational resilience testing, and manage ICT third-party risk effectively. 

The regulation was issued on 27 Dec 2022 and is planned to come into force in January 2025. However, there is a transitional period of one year for financial services organisations to comply with the full requirements of the regulation, so January 2024 is a looming deadline. 

Failure to comply with EU DORA could result in financial penalties and public notices that could tarnish the reputation of many businesses. 

Specific needs of the sector 

The UK’s equivalent of the EU DORA is currently in development. The UK government has stated that it will introduce regulation that is expected to be similar to DORA but tailored to the specific needs of the UK financial sector. 

In the meantime, the Prudential Regulation Authority (PRA) has issued guidance on operational resilience that sets out the expectations of the PRA regarding how financial institutions should manage operational risks. The relevant supervisory statements are PRA SS1/21, "Operational Resilience: Impact Tolerances for Important Business Services", and SS2/21, "Outsourcing and Third-Party Risk Management".

Compliance with operational resilience regulation will benefit customers. Financial services organisations are required to implement measures to improve the resilience of their systems and services. This will help reduce the risk of outages and disruptions, which have a significant effect on customers.

Improved defences will help to protect customers from cyber threats, such as fraud and data breaches.

Increased transparency and accountability ensure that financial services organisations are meeting their obligations to customers. 

What are the implications? 

Compliance with operational resilience regulation has practical implications for the application engineering teams needed to underpin it. Site Reliability Engineers (SREs) will play a key role in helping financial services organisations comply with these regulations.

SREs are responsible for the reliability, performance and scalability of large-scale applications. They have the skills and experience to help financial services organisations implement and maintain the ICT risk management and operational resilience capabilities required. 

SRE teams work with stakeholders to define service reliability, then develop and implement metrics to measure it. They work with development teams to design and build systems that are reliable. This includes considering factors such as redundancy, fault tolerance and monitoring.

They monitor systems for incidents and respond to them quickly and effectively. They also identify the root cause of the incident and implement measures to prevent it from happening again, resulting in continuous improvements. 

Focussing on more strategic work 

SRE teams automate as many operations tasks as possible to free time that can be better spent on more strategic work, such as improving the reliability of the system. They share knowledge and promote best practices within a business, which helps to improve the reliability of applications across the organisation.

SREs can play a vital role in helping companies to comply with DORA and protect their businesses from ICT-related risks. 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
