The Digital Operations Resilience Act (DORA)
Digital Operations Resilience Act (DORA) is an EU regulatory framework designed to enhance the operational resilience of organisations within the financial sector. It provides a comprehensive approach to addressing security challenges and risks posed by the evolving threat landscapes and ensuring safeguards are in place to mitigate and respond.
Features
- DORA's aligned with the wider EU Network and NIS2 regulations.
- Financial entities need to be complaint by 17th January 2025.
- DORA requires resilience with accountability at Senior Management level.
- Conduct a Gap Analysis against five key areas of compliance.
- Developing a DORA based security improvement plan before the deadline.
- DORA has added Threat-Led Penetration testing as a mandatory requirement.
- Incident response planning, management and reporting must be documented.
- Implement regular testing and audits to assess security controls.
- Implement regular testing and audits to assess security controls.
- Understanding the threats to CIFs or their related assets, dependences.
Benefits
- Ensuring financial entities have robust risk management processes.
- Identify, protect, detect, respond and recover from ICT related incidents.
- Understand the impact of ICT disruptions.
- Mandate the reporting of significant cyber incidents and responses.
- Supervising the relationship between financial entities and third-party providers.
- Develop a robust Risk Management process.
Pricing
£990 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
2 9 3 0 0 2 1 7 9 7 5 2 7 1 8
Contact
Sapphire
Katie Smith
Telephone: 0845 58 27001
Email: katie.smith@sapphire.net
Planning
- Planning service
- No
Training
- Training service provided
- Yes
- How the training service works
- Vulnerability assessment and remediation end user training. All training can be bespoke and tailored to the clients requirements.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
-
- CHECK
- CREST
- Cyber Scheme
- Other
- Other security testing certifications
- Cyber Essentials Technical Auditor (CE+)
Ongoing support
- Ongoing support service
- No
Service scope
- Service constraints
- None, as the service will be defined during the project scope.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Monday to Friday 9x5 e-mail helpdesk support support@sapphire.net or 0845 58 27999. Questions are typically answered within 4hrs.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
"
Level 1 - Sapphire Helpdesk The first point of escalation should always be the Sapphire HelpDesk and escalation must be separate from the initial call to log the fault. The Cloud customer must obtain a case reference number for the fault. Level 2 - Sapphire Professional Services Manager This is the second point of escalation in the event of the HelpDesk being uncontactable or an increase in call priority being required. The Cloud customer should quote the case reference number provided. Level 3 - Sapphire Business Services Director This is the third point of escalation in the event of the Manager being uncontactable or a further increase in call priority being required."
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- SGS
- ISO/IEC 27001 accreditation date
- 12/09/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Equal opportunity
- Wellbeing
Fighting climate change
We make sure that we recycle where we can and take appropriate modes of transport to get to clients. Our offices in Darlington and Glasgow are easily accessible by public transport meaning that many of our colleagues go to an office by these means. For other colleagues, we offer remote working, and colleagues are able to attend an office when they need We are pricing our services to encourage customers to prefer remote access and remote working where possible. One of Sapphire staff is undertaking a part time PHD studying the carbon consequences of cyber crime and it’s mitigation which is inclusive of Sapphire customers and partners.Covid-19 recovery
We have encouraged our staff back to office working especially in the SOC which runs 24*7 shift patterns. We have recently engaged in local communities by hiring space in local charity buildings for company meetings as in house face to face meetings. We have performed pro-bono work with charities to check their security status and help them move onwards from Covid in the face of increased cyber attacks on charities.Equal opportunity
We have an Equal Opportunities policy which everyone in Sapphire adheres to. We are currently at 29% of females in our organisation, a number that has grown over the last few months. Our recruitment processes allow us to interview the best people for the roles we have available, and we insist on 50:50 short-lists for all roles. We value the views of others and see as a strength our openness to challenge. We have recently employed further military reservists giving them the opportunity to be deployed overseas helping HM Government. Recently we have signed documentation to join the NCSC Cyber First scheme to help young people especially women and girls to join the ranks of cyber professionals. We also mentor young people who are keen to move into cyber at some stage in their career.Wellbeing
We take the wellbeing of our colleagues seriously; we offer an Employee Assistance Programme, have health cover, a pension scheme and Life Cover. We also provide opportunities for colleagues to Give Back to local projects/schemes and they can use a day a year to do this.
Pricing
- Price
- £990 a unit a day
- Discount for educational organisations
- No