A second set of policy products for DORA compliance has been announced
Hannah Middleton
Content Marketing Specialist
August 2, 2024
 
                
The European Supervisory Authorities (ESA) have released a second batch of policy products under the EU’s Digital Operational Resilience Act (DORA). This latest guidance is designed to assist organizations in meeting the framework requirements before the act takes effect in January 2025.
In their announcement, the ESA outlined the new set of rules: "This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines, all of which aim at enhancing the digital operational resilience of the EU's financial sector."
The final draft technical standards include:
RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats
RTS on the harmonization of conditions enabling the conduct of the oversight activities
RTS specifying the criteria for determining the composition of the joint examination team (JET)
RTS on threat-led penetration testing (TLPT)
Let's take a closer look at DORA's goals, the latest requirements this will set, and how organizations can start preparing now to meet the framework requirements ahead of next year's deadline.
The Digital Operational Resilience Act (DORA), set into motion by the European Commission in September 2020, is the first regulation to oversee the security functions of financial entities across the European Union. It presents a unified framework that harmonizes the management of information and communication technology (ICT) risk across 21 distinct types of financial entities within its scope.
This regulation will bring about a significant shift, impacting financial entities in the EU and elsewhere and any third-party service providers within their extended networks. Organizations previously exempt from ICT standards, including third-party service providers for account information, crypto-assets, and data reporting, must comply.
Financial institutions will need to incorporate the latest updates to the regulation into their journey toward DORA compliance. However, it’s important to note that guidelines on subcontracting ICT services are still on the way.
According to the ESA's statement, "The final draft technical standards have been submitted to the European Commission, which will now start working on their review with the objective to adopt these policy products in the coming months. The remaining RTS on Subcontracting will be published in due course."
As the DORA compliance deadline approaches, financial entities are actively prioritizing their digital operational resilience to fulfill the framework requirements. OneTrust offers robust capabilities that help navigate the complexities of risk and resilience, enabling organizations to operationalize compliance with a key emphasis on managing ICT risk and third parties at scale.
Book a demo to see how OneTrust can help you operationalize compliance with DORA.
 