FULLY BOOKED. Please sign up to the waiting list at https://forms.office.com/e/ffxLMSVCDS
In collaboration with our Supporting Sponsor Mazars, we host an afternoon on the Digital Operational Resilience Act (DORA).
The ever-increasing dependency of the financial sector on software and digital processes means that information and communication technology (ICT) risks are inherent at the level of an individual entity, the financial sector and the broader economy. Actions so far have been taken at member state level, which has limited effect given the cross-border nature of ICT risks and has resulted in overlapping and duplicative requirements, especially for cross-border financial entities and cross-border IT service providers.
The European Commission has adopted a detailed and comprehensive regulatory framework on digital operational resilience for EU financial entities and their key ICT third-party service providers. Key goals of this legislation are to reduce the (systemic) risks of digitalisation within the financial sector and to improve the regulatory instruments. The final text was published in the Official Journal on the 27th of December 2022 and shall apply from the 17th of January 2025. It can be expected that compliance with DORA will increasingly become a licence to operate in the financial sector for financial institutions and their IT service providers.
In this session we will discuss the new DORA legislation and, if available, the technical standards adopted by the ESAs. Furthermore, we will give you an indication of the implementation impact of DORA, a possible timeframe for implementation and further guidance on the required ICT controls, such as ICT risk management, ICT incident management, ICT third-party management, IT continuity and threat-led security testing.
Target audience:
Members of supervisory boards, directors and board members, (internal) auditors, CIOs and CISOs, and other officials involved in information security and cybersecurity.
Program:
- 13:30: Welcome (light lunch snacks available from 13:00)
- 14:00: Introduction, background and timelines of DORA. Jan Matto RE RI, partner Mazars IT Audit & Advisory, global leader cybersecurity & data protection
- 14:30: Overview of the key DORA requirements. Mr. Drs. Jeffrey de Bruijn, Director cyber security & data protection, Mazars IT Audit & Advisory
- 15:15: Coffee/tea and refreshments
- 15:30: How to implement the key DORA requirements: lessons learned thus far & technical standards adopted by the ESAs. Jan Matto & Jeffrey de Bruijn
- 16:15: Group discussion and wrap-up
Afterwards, complimentary drinks will be provided for further informal discussion.
Registration: FULLY BOOKED. Please sign up to the waiting list at https://forms.office.com/e/ffxLMSVCDS
Place: Sheraton Stockholm (on-site ONLY)
Price: FREE
(No-show or cancellation less than 24 hours before the seminar will incur a fee of 250 SEK. To cancel, send an email to info@isaca.se.)
Jan Matto
Jan Matto is partner and global leader cyber security and data protection at Mazars. He has a couple of decades of experience in advisory and auditing in IT, cybersecurity and data protection, both nationally and internationally. He is a member of the committee for professional standards for IT auditing at the IFAC-affiliated organisation for IT auditing in the Netherlands (NOREA). He has written several publications, and some of his reports on cyber security and data protection have been published by the Dutch government and discussed in the national Parliament. He is a part-time lecturer in Enterprise IT Security Architecture at the Free University of Amsterdam.
Jeffrey de Bruijn
Jeffrey leads the Cybersecurity & Data Privacy services at Mazars NL and has over 15 years of experience in the field of information security and privacy.
He has gained this experience within the financial sector, central and decentralised government, municipalities, transport and logistics, and various healthcare institutions. In addition, he has broad knowledge of privacy legislation and follows developments in European (cyber) security legislation.
Jeffrey has expert knowledge of various (IT) security best practices such as ISO 27001, ISO 27002, NIST and COBIT, and of data privacy legislation. Furthermore, he has broad experience helping management understand IT security and acting as a trusted advisor.