Cybersecurity & DORA Compliance
Context
As part of its IT transformation and in response to increasing regulatory requirements related to cybersecurity and operational resilience, a leading insurance company launched several initiatives to strengthen its IT risk governance. This effort is driven in particular by the upcoming enforcement of the European DORA (Digital Operational Resilience Act) regulation, requiring financial institutions to enhance their management of technology and cybersecurity risks. To support this transition, the client relied on Avaliance to structure risk monitoring, manage remediation plans, and progressively align internal processes with regulatory requirements and security standards.
Challenges
The client needed to improve control over IT risks and strengthen cybersecurity governance to reduce operational risk and ensure regulatory compliance.
Key challenges included maintaining and managing the risk register, ensuring effective implementation of remediation plans, aligning progressively with DORA requirements, and engaging business teams in a sustainable approach to security and operational resilience.

Achievements
- maintenance and management of the risk register and tracking of remediation plans
- formalization of internal security processes and compliance alignment for process owners
- preparation of annual security testing and internal control campaigns (process and evidence collection)
- monitoring of remediation plans resulting from control campaigns and security audits
- support in implementing and aligning with DORA regulatory requirements