DORA and Digital Resilience: What Impact for Indonesian Companies?

10 Jun 2025

In response to growing cyber threats and reliance on third-party technologies, the European Union introduced a new regulation, the Digital Operational Resilience Act (DORA), that sets standards for digital operational resilience in the financial sector. Does DORA hold any significance for companies operating in Indonesia? The answer is yes, especially for companies that want to stay relevant in the global market.


Why is Digital Operational Resilience becoming more crucial?


Digital systems are crucial during global crises, including the pandemic, supply chain disruptions and increasing cyberattacks, which is why their resilience matters. According to the Ponemon Institute, 59% of data breaches are attributed to external actors. This indicates that risk management should not be limited to internal domains but should encompass the entire vendor and technology partner ecosystem.


What's DORA?


The Digital Operational Resilience Act (DORA) is an EU regulation that aims to ensure that financial institutions such as banks, insurance companies, fintechs and investment institutions have the capacity to survive and bounce back after facing significant digital disruptions.

DORA applies to more than 20 categories of financial entities as well as third-party technology service providers, and consists of five main pillars:

  1. Information and Communications Technology (ICT) Risk Management

  2. Security Incident Reporting

  3. Digital Resilience Test

  4. External Partner Risk Management

  5. Cyber Threat Information Exchange


Why should Indonesian companies care about DORA?


DORA is an official rule of the European Union, meaning it only applies to EU member states and does not apply to Indonesia.

However, its influence can be felt in Indonesia, particularly when:

  • Do you have corporate connections in Europe? If you comply with DORA, you will be part of the ecosystem.

  • Is your business a technology or cloud service provider to global corporations? If so, your security protocols will also come under consideration.

  • Do you want to improve your online reputation and build trust? Adopting DORA principles could benefit your business.

  • There are expectations of similar rules in Indonesia. Policy initiatives to boost cyber resilience have been introduced by OJK, BI, and BSSN.

Therefore, comprehending and implementing the principles of DORA will provide Indonesian companies with a strategic advantage in dealing with increasingly global regulatory challenges.


Third Party Risk Management is the primary focus of DORA.


ICT Third Party Risk Management is a crucial aspect of DORA, which requires organizations to:

  • List the significant vendors and sub-vendors (Nth-party) that are important to consider.
  • Conduct regular risk evaluations.
  • Establish SLAs and contractual agreements that monitor vendor performance.
  • Clearly report incidents to regulators.


What is the effect of DORA on the Financial Services Industry?


DORA's introduction will fundamentally alter the approach that financial institutions take to managing operational risk. The possible major effects include:

1. Enhanced accountability for managing risks with third and Nth parties.

Organizations today must actively supervise and manage all service providers, including Nth-party subcontractors, who contribute to critical services.

2. Digital Resilience as Top Priority.

Developing strategies and building a culture that is ready to handle digital disruption requires the direct involvement of organizational leaders.

3. Standardization of Incident Reporting.

In an effort to promote transparency in the industry, DORA mandates the regular and timely submission of cyber incident reports to supervisory authorities.

4. Enhanced Supervision by Regulators.

The European Supervisory Authorities (ESA) mandate technical standards for financial institutions, which must be followed to ensure compliance with audits and documentation. This is particularly important for banks.


OneTrust Solutions is a strategic partner that can help meet DORA compliance standards.


OneTrust, the leading platform, assists in managing privacy, security, and third-party risks. Companies can now comply with regulations like DORA more easily thanks to it. Some of its features include:

  • Centralized vendor and contract management

  • Automated and continuous risk assessment  

  • Third-party linkage mapping  

  • Dashboard reports for audit and compliance purposes  

In Indonesia, PT Perkom Indah Murni is the authorized partner of OneTrust and is ready to assist companies in implementing solutions provided by OneTrust. This involves devising strategies to reduce digital risks and facilitating the transition to digital resilience that is compliant with international norms.



Conclusion: Are you ready for global regulation?


Although DORA originated in Europe, its influence is being felt all over the world. Companies in Indonesia, especially those in the finance, technology and services sectors, need to quickly adjust to these changes. Not just to comply with the rules, but also to create an edge and build sustainable digital trust.

With help from OneTrust and Perkom, you can embark on a journey to achieve digital operational resilience that is more solid, transparent and compliant with international standards.


❗ Can OneTrust assist your business in meeting DORA standards?

Request a demo, consultation or strategic discussion with the Perkom team today.


Author: Ghea Devita

Marketing Communication, PT Perkom Indah Murni
