The Digital Operational Resilience Act (DORA) took effect on 17th January 2025. ProAV financial services end-users are racing to comply; should AV bother?
What is DORA?
The Digital Operational Resilience Act (DORA) is an EU regulation aimed at strengthening the information and communication technology (ICT) security of financial entities. It ensures that the financial sector in Europe can remain resilient in the event of severe operational disruptions. DORA covers a wide range of financial entities, including banks, insurance companies and investment firms, as well as the ICT third-party service providers that serve them. Specific compliance requirements include:
👍 ICT risk management: Establishing principles and requirements for managing ICT risks.
👍 ICT third-party risk management: Mitigating risks associated with third-party ICT service providers.
👍 Digital operational resilience testing: Implementing a testing program to ensure operational resilience.
👍 Incident reporting: Managing and reporting major ICT-related incidents to competent authorities.
👍 Information sharing: Facilitating the exchange of information and intelligence on cyber threats.
Does AV need to comply with DORA?
➡️ Yes - Although the regulation targets the financial services sector, including banks, insurance companies, investment firms and payment institutions, DORA also requires ICT third-party providers to the financial services sector to comply with the regulation. Article 28 of the regulation specifies requirements for managing ICT third-party risk and requires that ICT third-party service providers to the financial services sector meet the same cybersecurity and operational resilience standards as the financial institutions they serve.
Additionally, DORA is being localised in non-EU regions, so even if you do not provide services in the EU, it is diligent to consider putting structures in place.
What do you need to do?
😊 Develop and maintain robust risk management policies and procedures.
😊 Maintain a record of contractual agreements with financial institutions, and review contracts regularly to ensure they meet DORA requirements.
😊 Maintain active incident management and operational resilience readiness, including tested mechanisms for incident management and reporting.
😊 Designate and train a team member or members to own and administer DORA compliance in your organisation.
😊 Implement Third Party Risk Management systems to govern Third-party engagement.
It's time to Unlock AV Value!
A CTS with more than 20 years in Pro AV. With credentials including ISO 27001 Practitioner, CompTIA Security+, AVIXA CTS, and service as a member of the AVIXA Standards Steering Committee, I bring a multidisciplinary perspective that spans security governance, systems engineering, AV risk, and operational resilience. I understand AI as a socio-technical system, where risks extend across architecture, data flows, user behaviour, and integrated AV/UC environments.
I've led the design and optimisation of secure collaboration environments — from Microsoft Teams to enterprise meeting rooms and hybrid working platforms — supporting high-stakes spaces such as Board meetings, AGMs, and multi-site collaboration.
I am now expanding my leadership into AI governance and responsible technology, developing capability in ISO/IEC 42001 (AIMS) and the NIST AI RMF to help organisations operationalise AI safely, ethically, and at scale.