Germany: BaFin publishes implementation guidelines for DORA
On July 8, 2024, the Federal Financial Supervisory Authority (BaFin) published implementation guidelines for the Digital Operational Resilience Act (DORA). BaFin stated that the guidelines are intended to support companies in implementing the requirements of DORA for regular ICT risk management and ICT third-party risk management. The guidelines also include an overview of the minimum contract contents that supervised companies must agree with ICT third-party service providers.
The guidelines are aimed particularly at those companies supervised by BaFin that fall within the scope of the banking supervisory requirements for IT or the insurance supervisory requirements for IT. The guidelines are divided into the following sections:
- governance and organization;
- information risk and information security management;
- IT operations;
- ICT business continuity management;
- IT project management and application development;
- ICT third-party risk management; and
- operational information security and identity and rights management.
You can read the press release here, download the guidelines here, and read the minimum contract contents here, all only available in German.