Is there a ‘Silver Bullet’ Product for Complying with DORA?

In a clip from HANDD’s recent webinar, experts Matt Parkinson and Nick Hogg caution against expecting a single software solution for DORA compliance. While tools are available for specific aspects, there is no one-size-fits-all product. They stress that organisations should leverage existing compliance measures, assess and be aware of their gaps, and avoid vendors who promote a “silver bullet” approach.

Matt Parkinson:

No, I’ve not seen anyone bring out anything specifically for DORA yet. Yeah, let’s be clear. But the question is, are things developed? And actually, what I would say on that question is, as you’ve already said, it isn’t really just DORA; DORA is NIS2 and all the other things compiled together. And actually, there are products and services and other things that are available that will allow you specifically to import a certain tool set or a certain compliance set and confirm that the organisation conforms to that compliance.

So if you talk specifically about data, for example, you can say, can you go and find my data and all the things that are relevant to that data set? So are things available? Yes, absolutely. But I do think there’ll be more tooling, for better and worse, that will be DORA focused. So just because someone says it’s a DORA product doesn’t necessarily mean – as Sam said, there are 32 policies and then multiple articles that are wrapped around them. DORA is bigger than just one product, so don’t rush out to buy anything; there’s not really one product that’s going to solve all. And as I’ve just said, there is existing compliance that you have to comply with, and the chances are you’re complying with it, so it may just be an extension of what you’re already doing. We won’t by default be selling you something else, because I don’t think that’s the right way to go. Nick, agree?

Nick Hogg:

Absolutely, I think the point you make is that there will be no one product; there’s no silver bullet for DORA or any other piece of compliance. You know, when I sat down with Fortra’s portfolio to map that out against the requirements, there are tons of products, even within our portfolio, which you can sort of hang off each one of those pillars or how you would approach the project. But we’re not covering everything ourselves.

So I would be cautious about any vendor that tries to sell you a magic bullet, because it’s started already. What you may see is – I definitely ran across one organisation who were starting to build something out which might give you some more visibility around some of the risks and exposure within third party service providers. So you may see tools there that can help with that kind of ICT risk management piece in terms of giving you the visibility on that side of things. But really, to the points that Sam and Matt have both made before, with the GDPRs, PCI fours and all these things in the world, you’ve already got a bunch of the fundamental building blocks in place already.

So it’s looking at – what do I have today that already ticks all the boxes, or maybe gives me a little bit of overlap with what DORA is requiring of me, and then where have I got the gaps? Now, as with anything, I think this is one of those useful things where you can use that as a good way of re-evaluating what you’re doing today. Because that thing that made sense five years ago maybe doesn’t work as well as you need it to for the organisation. And you can use this to align yourself with some of the cloud transformation and the cyber transformation processes that are going on internally. And again, because it’s legislation, that maybe gives you something you can go back to the board, the exec level, with, to kind of hang this on a hook of, well, here are the things we need to do to be compliant. And then that maybe gets you the buy-in to address some of the underlying risks you’ve been aware of within the organisation that, you know, you kind of needed to smooth out.