What Every CIO Needs to Know About DORA: An IT Operations Perspective

As a CIO in today’s rapidly evolving digital landscape, staying ahead of the regulatory curve is more critical than ever.

Wes Heaps  profile picture
Wes Heaps

January 24, 20255 min read

EU flag in front of building

The Digital Operational Resilience Act (DORA) is one such regulation that demands your attention. This EU regulation, which came into force on January 16, 2023, and will apply as of January 17, 2025, aims to fortify the IT security of financial entities and ensure the European financial sector can withstand major operational disruptions.

The implications of DORA are far-reaching and assuring DORA compliance will take a multi-disciplinary approach across IT operations, cybersecurity, application development teams, and others.  This blog covers how traditional IT operations across disciplines such as performance monitoring, observability, configuration management, and service/asset management can contribute to achieving DORA compliance.

Download this whitepaper to learn how OpenText IT operations solutions can help your organization achieve DORA compliance: Digital Operational Resilience Act: How your CMDB, IT Service Management (ITSM), and observability solutions can contribute to DORA compliance

Why is DORA so important?

The financial sector’s growing reliance on technology and third-party providers exposes it to increased cyber threats and operational risks. DORA tackles this challenge head-on, establishing a harmonized framework for 20 different types of financial entities and ICT third-party service providers. Failure to comply carries significant regulatory risks, including potential fines and reputational damage.

What does DORA cover?

This regulation covers a wide range of aspects related to digital operational resilience, including:

  • ICT risk management: DORA mandates a comprehensive ICT risk management framework encompassing strategies, policies, procedures, and governance structures to ensure continuous risk monitoring and mitigation.
  • ICT-related incident management: Robust incident detection, management, and reporting processes are crucial. Entities must establish criteria for classifying incidents, reporting major incidents to authorities, and developing communication plans.
  • Digital operational resilience testing: Regular testing programs, including vulnerability assessments, penetration testing, and scenario-based tests, are essential to assess and improve resilience.
  • Managing ICT third-party risk: Entities must ensure third-party providers comply with ICT risk management requirements. Regular assessments, risk reviews, and maintaining a register of ICT third-party providers are mandatory.
  • Information-sharing arrangements: DORA encourages participation in information-sharing initiatives to enhance resilience while complying with data protection regulations.

How to prepare for DORA?

Achieving DORA compliance requires a multi-faceted approach, including:

  • Gaining a comprehensive understanding of your ICT assets and their interdependencies: This can be achieved through robust discovery and CMDB solutions, providing a clear picture of your IT landscape.
  • Establishing a strong governance framework: This framework should outline roles, responsibilities, policies, and procedures for ICT risk management, incident response, and testing. This framework should encompass not only IT operations, but also other IT disciplines such as cybersecurity and application development management.
  • Implementing robust monitoring and observability tools: These tools can help proactively detect anomalies, identify potential risks, and facilitate faster incident response. A coordinated monitoring response across both the IT operations and cybersecurity front will be critical to DORA compliance.
  • Developing and testing incident response plans: Regularly testing your incident response capabilities through simulations and exercises ensures you are prepared for real-world events.
  • Fostering a culture of communication and collaboration: Effective communication channels and collaborative processes are crucial for sharing information, coordinating responses, and continuously improving your resilience posture. This collaborative process must encompass IT operations, cybersecurity, and application development.

DORA implementation is an ongoing journey

The regulation will continue to evolve, with further policy standards and oversight procedures expected. It is vital to stay informed about the latest developments and proactively adapt your strategies. Several European Supervisory Authorities (ESAs) such as the European Banking Authority, the European Securities and Market Authority, and European Insurance and Occupational Pensions Authority maintain current DORA information, including updates to regulatory technical standards, implementation guidance, and other relevant topics.

By embracing DORA’s principles and leveraging the right tools and processes, you can mitigate regulatory risks and strengthen your organization’s IT security and operational resilience in the face of increasing digital threats.

OpenText IT Operations Cloud Products
Contributing to DORA compliance


Because DORA has such a broad scope, multiple stakeholders across IT will need to contribute to compliance efforts.   The following OpenText products can help from the IT operations perspective.

  • OpenText™ AI Operations Management can help proactively detect anomalies and potential ICT risks, facilitating faster incident response, a critical aspect of DORA compliance.
  • OpenText™ Service Management can support the governance framework and incident management processes mandated by DORA, enabling efficient incident resolution and reporting.
  • OpenText™ Asset Management helps maintain a comprehensive inventory of ICT assets, a crucial step in understanding your IT landscape and meeting DORA’s asset identification and management requirements.
  • OpenText™ Universal Discovery and CMDB creates and maintains an up-to-date CMDB, providing a clear picture of the IT environment, relationships between assets, and their impact on critical financial services, all essential for DORA compliance.
  • OpenText™ Automation Center can automate patching and remediation efforts and response to incidents, minimizing downtime, security vulnerabilities, and service disruptions, which is crucial for meeting DORA’s incident management and resilience requirements.
  • OpenText™ Network Operations Management provides comprehensive network monitoring, automation, and management capabilities, enabling organizations to detect and respond to network performance issues and incidents for a more stable and reliable network, contributing to meeting DORA’s incident management requirements.
  • OpenText™ Cloud Management provides a unified view and management of both on-premises and cloud environments, which is essential for DORA compliance as financial institutions increasingly utilize hybrid cloud models.

OpenText is one of the few technology vendors with a broad portfolio of IT operations, cybersecurity, and application development management solutions needed to address the many aspects of DORA compliance.

Share this post

Share this post to x. Share to linkedin. Mail to
Wes Heaps avatar image

Wes Heaps

Wes has over 15 years in the industry. His current focus is Discovery & CMDB and IT Asset Management.

See all posts

More from the author

OpenText helps U.S. federal agencies deliver ITSM more securely with less complexity

OpenText helps U.S. federal agencies deliver ITSM more securely with less complexity

The OpenText IT Management Platform has four main products that help agencies deliver reliable and secure IT services to their employees, contractors, citizens, and other fellow agencies. 

November 19, 2024

4 min read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.