DORA Development, Implementation & Continuous Improvement Global Insurance Group

Client Challenge

The client, a leading global insurance group, faced challenges in understanding the DORA-specific requirements and assessing how their current IT risk management frameworks align with the DORA compliance guidelines.

The mandates involved reviewing IT strategy, service delivery, technology policies, KPIs, and cyber posture to identify gaps and develop a remediation plan for DORA compliance, enhancing ICT risk management, resilience, third-party risk, and other critical DORA requirements.

The deliverables included, inter alia, a Gap Analysis, continuous improvement recommendations, and a high-level remediation plan with effort estimates for addressing gaps.

What We Did

  • Reviewed the existing IT Risk Management framework to identify gaps against DORA compliance, aligning it with IT strategy, service targets, policies, KPIs, and cyber posture.
  • Assessed current IT Risk Management documentation and provided guidance on continuous improvement for ICT risk and remediation, ensuring sustainable risk management practices.
  • Delivered a Gap Analysis that highlighted the discrepancies between the current IT Risk Management framework and the DORA-compliant state, helping prioritise areas for improvement.
  • Developed a high-level remediation plan, including estimated efforts for key activities needed to meet DORA compliance.
  • Conducted a comprehensive review of existing artefacts to assess DORA compliance in areas such as operational resilience, customer contracts, data privacy, and third-party risk management.
  • Estimated the effort required to close the gaps identified in the Gap Analysis, providing a roadmap for achieving full DORA compliance.

Outcome & Results

  • The client gained a clear understanding of the framework’s strengths and areas needing improvement for DORA compliance.
  • The client gained a clear understanding of the compliance gaps across critical IT risk areas.
  • Specific areas pinpointed for remediation to meet DORA compliance standards.
  • A structured roadmap for addressing identified gaps and achieving full DORA compliance.
  • A framework for continuous monitoring and risk management aligned with DORA's evolving requirements.
  • Overall, the client received a comprehensive analysis, including a detailed gap assessment and remediation plan, ensuring the IT Risk Management framework is aligned with DORA requirements.
