ICTTF BLOGS

Digital Trust Evolution

This blog explores how three major regulatory frameworks — EU DORA, the NIS2 Directive, and the UK Operational Resilience Framework — are converging on a shared strategic objective: Digital Resilience. It examines the growing role of AI as both a powerful defence tool and a potential threat, referencing recent real-world incidents like the Spain power outage and the M&S cyberattack to highlight the urgent need for leadership. The article concludes by underscoring the importance of human oversight and introduces the role of the Certified Digital Operational Resilience Officer (CDORO) as a key driver of future resilience.

What is the Role of a Digital Operational Resilience Officer?

What is the Role of a Digital Operational Resilience Officer?

10 Reasons You Should Become a CDORO in 2025

10 Reasons You Should Become a CDORO in 2025

10 Reasons Every Board Needs a Digital Operational Resilience Officer (CDORO)

10 Reasons Every Board Needs a Digital Operational Resilience Officer (CDORO)

DORA Deadline is Here: No Ifs, No Buts – Are You Ready?

Discover the latest updates on the Digital Operational Resilience Act (DORA) from the European Supervisory Authorities (ESAs) and why financial institutions must act now to meet the January 17, 2025, compliance deadline. Learn about key mandates, risks of non-compliance, and resources from ICTTF to ensure your organization’s digital resilience. Don’t miss the EU Cyber Summit 2025 for expert insights and practical guidance. Visit www.eucybersummit.com for more.

DORA - Internal Dependency Management

The Digital Operational Resilience Act (DORA) is a pivotal regulation for financial entities within the EU, aiming to ensure that these organizations can withstand, recover from, and adapt to ICT-related disruptions. Internal dependency management, a core component of operational resilience, refers to identifying, monitoring, and mitigating risks associated with dependencies on internal ICT resources, including systems, tools, processes, and teams. This document outlines DORA’s requirements for internal dependency management, providing article references, extracts, and key actions to achieve compliance.

Understanding the ESAs Updates on ROI

Preparing for DORA Compliance – Registers of ICT Third-Party Providers The European Supervisory Authorities (ESAs) have released updated guidance to help financial entities prepare for DORA's Register of ICT Third-Party Service Providers requirements, coming into force in April 2025. These registers are essential for ensuring transparency, managing ICT risks, and enabling effective regulatory oversight. The updates include a policy framework, practical insights from the 2024 Dry Run Exercise, and a roadmap for implementation. Financial entities must ensure their registers are comprehensive, accurate, and integrated into their broader risk management strategies. Learn how to conduct a gap analysis, engage ICT providers, and leverage technology to streamline compliance in our full blog post. Visit the ESA’s dedicated page for more details.

ESA Announcement – A Critical Milestone in Preparing for DORA Compliance

The Digital Operational Resilience Act (DORA) introduces a new era of regulatory compliance, emphasising the need for financial entities to maintain detailed Registers of Information (RoI) on ICT third-party service providers. However, significant legal challenges accompany these requirements. Disputes over the standardisation of templates, particularly the use of Legal Entity Identifiers (LEI), and concerns about data privacy under GDPR have created uncertainty. Furthermore, tight timelines and overlaps with existing regulatory frameworks complicate compliance efforts. This blog explores these challenges, the implications for financial institutions, and actionable steps to prepare, highlighting the importance of proactive engagement, legal alignment, and robust compliance strategies.

Digital Operational Resilience: Lessons from NIS2 and DORA for Senior Management

NIS2 Compliance - Are You In Scope?

This blog explains the importance of the NIS2 Directive, which expands the scope of cybersecurity requirements for critical sectors across the EU, and outlines who is now in scope and the potential penalties for non-compliance. It highlights the key steps organisations need to take to comply with NIS2, including risk management, incident reporting, and supply chain security. The blog also encourages readers to enrol in the Certified NIS2 Professional (CN2P) training course to gain a comprehensive understanding of NIS2 and effectively implement it within their organisations.

NIS2 - What? and Why?

NIS2 What is It? Why Should I Care? Article for Executive Understanding.

Security Strategy and DORA

Security Strategy and DORA

DORA:Education

DORA and Education

DORA:Governance and Oversight

DORA and Governance and Oversight

DORA:ICT / Cyber Risk Assessment Requirements

DORA and ICT / Cyber Risk Assessments

DORA:Business Continuity

DORA and Business Continuity

DORA:ICT Risk Management

DORA and ICT Risk Management

DORA:ICT Incident Handling

DORA and Incident Handling

DORA:Digital Operational Resilience Testing

DORA and Digital Operational Resilience Testing

DORA:Information Sharing

DORA and Information Sharing