Legal certainty for IT risk management in the financial sector
The regulation of IT security and risk management is constantly increasing in the financial sector. With the Digital Operational Resilience Act (DORA) coming into force on January 17, 2025, a new framework for IT risk management will become mandatory for many financial institutions. innus has proactively adapted its contractual framework to fully cover the DORA requirements and thus offer its customers a comprehensive, legally compliant solution.
DORA: New requirements for IT risk management
The Digital Operational Resilience Act (DORA) is a comprehensive legal framework that regulates operational risks in information and communication technology (ICT) for financial institutions. The aim is to strengthen the resilience of financial companies against IT and cyber risks. By January 2025, financial institutions must ensure that their ICT risk management and risk management for third-party providers comply with the DORA requirements.
Key requirements include the creation of a clear framework for IT security processes, regular risk reviews and transparent service level agreements (SLAs) with third-party providers in order to make outsourcing secure.
DORA-compliant contract: innus moves forward
From the outset, we provided a BAIT-compliant set of contracts that was accepted by customers following a legal review. When DORA comes into force, BaFin intends to completely repeal BAIT, among other things. Adapting the contractual framework to DORA was therefore a logical step in order to continue to offer customers a legally secure and procedurally sound basis. The content of the agreement covers all the key points that financial institutions need to provide to the supervisory authorities as proof of DORA-compliant IT risk management.
The minimum contract contents from the BaFin implementation instructions are part of the innus contract. This means that our customers can find and check off every single point in our contracts. innus thus guarantees complete transparency and traceability of the contract contents.
Advantages of the innus contract for DORA-compliant risk management
The DORA-compliant contract from innus offers customers several advantages:
- Legal security: The contracts have been legally reviewed and fully cover all DORA requirements, minimizing legal risks.
- Simplified IT risk management: Financial institutions can rely on compliance with DORA requirements without having to make extensive adjustments of their own.
- Comprehensive service level agreements: SLAs and outsourcing agreements are designed to clearly and transparently meet IT risk management and third-party risk protection requirements.
Transparent, pragmatic and developed in Germany
innus takes a transparent and pragmatic approach to contract design that meets the requirements of clients and the BaFin implementation guidelines. With the claim "designed, developed, and done in Germany", we ensure that the contract meets the highest standards and complies with regulatory requirements.
With the DORA-compliant set of contracts, innus offers a reliable and legally compliant solution for financial institutions looking for a stable basis for their IT risk management. The combination of regulatory clarity and practice-oriented contract design makes the innus contract a valuable support for institutions preparing for the requirements of DORA.
For more information about our DORA-compliant solutions and how we can support your IT risk management, please contact us for a personal consultation.