Grow your IT Wisdom for solid Business Decisions

Making you 'Fit for DORA'

Tailored Coaching in all Areas and Efficient Automation

How do you manage to efficiently implement the requirements of DORA?

Making you 'Fit for DORA'

Tailored Coaching in all Areas and Efficient Automation

DORA in Practice

The DORA regulation – the Digital Operational Resilience Act – is an EU initiative aimed at strengthening cybersecurity and operational resilience in the financial sector. It came into force in January 2023 and requires financial institutions to implement extensive security and resilience measures by January 2025. This regulation aims to ensure that financial institutions can continue to operate even in the event of ICT (Information and Communication Technology) incidents.

The FIT4DORA team is a powerful partnership between KnowledgeRiver GmbH, VIVACIS Consulting GmbH, and Luther Rechtsanwaltsgesellschaft mbH for your DORA compliance.

With high expertise in IT technology, process management, and law, the FIT4DORA team offers comprehensive advice to master your DORA challenges. From gap analysis to conception to sustainable implementation in regular operation, the individual phases are modular and can be carried out independently of each other.

KnowledgeRiver combines technology and compliance. Our expertise in IT information security and IT consulting makes DORA compliance tangible and achievable. Discover solutions that not only protect your IT but also optimize it.



Our Solution

The Prologue

DORA
Readiness Assessment

Investigate the actual status

Structured assessment of the current situation, comparison against the desired state, and development of recommendations for action

The Obligation

Transformation to
DORA Compliance

Planning & Transformation

Achieving DORA basic compliance with optimized time and monetary investment

The Extra Mile

DORA Compliance
in Business Operations

Implementation in Regular Operations

Sustainable and efficient DORA compliance, embedding DORA regulations in business operations

Structured assessment of the current situation, comparison against the desired state, and development of recommendations for action.

  • Is my company affected by DORA?
  • What exactly are the requirements of DORA?
  • What aspects does my company already cover?
  • Where is action required?
  • Determination of affectedness: categorization of the financial institution according to DORA
  • Gap analysis based on the degree of affectedness: identification of weaknesses/deficiencies via interviews (questionnaire) or research based on existing documents (e.g. xAIT documentation)
  • Inventory of company IT assets
  • Identification of responsibilities (including ICT third-party service providers)
  • Assessment of IT architecture
  • Assessment of IT processes regarding reporting, notification and auditing
  • Hand-over of detailed documentation and recommendations
  • Presentation and discussion of results regarding DORA compliance

Achieving DORA basic compliance with optimized time and monetary investment.

  • Which are the key measures that need to be implemented?
  • What documentation does the company need to generate?
  • How can be ensured that costs do not get out of control?
  • Project management and execution
    Creation and categorization of work items, assignment of responsibilities (to teams/individuals), and definition of timelines
  • IT concept validation or creation with process definition and automated documentation for:
    • Reporting (recipient: regulatory authorities, auditors, and/or internal corporate committees) with documentation of DORA compliance, tests and examinations, risk management (e.g. practices and ICT third-party risks), ICT security measures and creation of IT manuals (e.g. operational and emergency manuals)
    • Notification (recipient: regulatory authorities) for ICT incidents, reports to the information register (e.g. list of critical ICT third-party service providers and contract parameters), information exchange for joint threat mitigation
    • Auditing (recipient: internal corporate committees, auditors) for penetration testing (usually addressing cybersecurity exclusively), backup/restore tests, disaster recovery tests, KPI definition (measurement method, parameters), role and permission management
  • Basic compliance with DORA
  • Provision of concept documentation

Sustainable and efficient DORA compliance, embedding DORA regulations in business operations.

  • How can current documentation be automated for provision?
  • Which internal teams need to be involved in the processes for DORA compliance?
  • What internal and external requirements must the company regularly meet?

Establishment and further development of the digital DORA platform for central data collection and documentation for:

  • Reporting:
    • (Partially) automated collection of relevant data and information
    • Automated generation of documentation based on previously specified templates
  • Notification:
    • Automation such as collecting configuration and log data at the time of an ICT incident and transmitting it to regulatory authorities
    • Automation of reports to the information register (e.g., list of critical ICT third-party service providers and contract parameters
    • Automation of information exchange for joint threat mitigation
  • Auditing:
    • Platform for preparation, regular execution, and documentation of resilience tests (penetration testing, backup/restore tests, disaster recovery tests)
    • KPI compliance: Continuous measurement and reporting
  • Data and communication platform for all stakeholders: Company employees, Information Security Officers (ISO), IT providers, ICT third-party service providers, legal experts, and process specialists

Provision of DORA compliance officers as the central point of contact for all DORA matters:

  • Technical expertise
  • Overview of existing DORA requirements and updates
  • Development of internal and external processes
  • Maintaining contact with all stakeholders
  •  
  • Sustainable and efficient maintenance of DORA compliance

  • Reuse of established processes and automated documentation for additional requirements (e.g., NIS2, BSI basic protection, ISO 27001 certification, …)



The FIT4DORA Team

Area
Business Organization
VIVACIS Consulting GmbH, based in Bad Homburg, is a team that provides strategy, concept and process consulting as well as the implementation of regulatory requirements in the area of business organization.
Area
Legal
Luther Rechtsanwaltsgesellschaft mbH, headquartered in Cologne, is a full-service law firm specializing in IT-law, among other things.
Area
Technology
KnowledgeRiver GmbH, based in Mainz, specializes in the efficient design of IT services for high-performance and flexible IT environments.

Control your IT Usage

Example

Which technologies and capacities are needed for the implementation of a virtual sales tool?

Our service

Based on the information collected by our Data Control Platform, we jointly develop a target structure, taking into account performance, efficiency and operating expenses. For this purpose we evaluate service offerings as well as technologies.
We are happy to accompany the project during its realization.

More on this topic…

Increase your IT Services Quality

Example

Due to a company takeover, IT systems have to be consolidated and new users have to be integrated.

Our Service

With the IT services information we collect, we can directly estimate how many users can be integrated or which enhancements are necessary.

On request, we support you in implementing the necessary adjustments and check the results.

More on this topic…

Understand your IT Costs

Example

As part of a cloud strategy a company needs assistance to decide which IT services can be optimized through cloud usage.

Our Service

With our methodology we continuously collect your IT services data regarding IT usage, compliance/legal requirements (for applications & data).
Based on your requirements and IT service options we develop migration concepts for the IT services.

Upon request, we assist with the migration. If required, we support the implementation.

More on this topic…

Optimize your IT Investments

Example

Sales representatives regularly report critical application issues.

Our Service

We analyze your IT services, identify dependencies on infrastructure and application layers. Based on this, we create optimization concepts with concrete instructions for action.

If required, we provide support during implementation.

More on this topic…

Live your IT Strategy

Example

A real estate asset management company wants to offer virtual tour of buildings.

Our Service

We evaluate with you the necessary IT capacities, technologies and costs (including operation) for a cost/benefit analysis.

We are happy to accompany the project during its realization.

More on this topic…