DORA: how Skaleet places operational resilience at the heart of its strategy

In September 2020, the European Commission introduced a draft law on digital operational resilience in the financial sector. Known as the Digital Operational Resilience Act (DORA), this proposal responds to technological developments and aims to establish a harmonized framework across the European Union. Its purpose is to strengthen the ability of financial institutions to withstand ICT (information and communication technology) disruptions and threats. In January 2023, the law entered into force with application starting January 2025 across all EU member states. 

In this article, we highlight the importance of the DORA framework and explain how Skaleet supports financial institutions in meeting these requirements.

DORA: What is it all about? 

While digital innovation has brought many benefits to financial services, it has also introduced new risks linked to the growing interconnection of systems and environments. Cyber threats are evolving rapidly, compelling financial institutions to continuously adapt their cybersecurity strategies.

To address these rising threats and the disruptions affecting financial institutions, the European Union introduced the Digital Operational Resilience Act (DORA). Its primary objective is to ensure that institutions possess the resources needed to withstand, respond to, and recover from incidents related to their IT environments. By doing so, the DORA framework strengthens the overall stability and security of the European financial sector.

Its requirements are organized into five main categories:

  • ICT risk management
  • ICT incident reporting
  • Digital operational resilience testing
  • Third-party ICT risk management
  • Monitoring and information sharing

To learn more about these requirements, see also: DORA: the new challenge for banking resilience

What Skaleet is doing to ensure operational resilience

Until now, Skaleet, as a Core Banking Solutions provider, has not been directly subject to DORA. However, our customers are. In this context, we provide them with a robust and resilient infrastructure designed to meet the most stringent security standards. This support is crucial for enhancing resilience and ensuring business continuity.

Resilience and risk control

Resilience lies at the heart of DORA's requirements. This includes ensuring continuous platform availability and the ability to restart servers at any time if necessary. The Skaleet platform has been designed with resilience in mind, built on a redundant architecture supported by multiple data centers located in different geographical regions. Each center can handle the full workload with equivalent computing power.

In practice, this means that if one data center fails, another can immediately take over without any service interruption or loss of transactions, thanks to real-time replication. For new players, no additional investment is required: Skaleet provides both the infrastructure and all necessary security measures. Furthermore, the platform undergoes regular testing under conditions that simulate major failures, ensuring that crisis management processes are effective and reliable.

The DORA regulation also places particular emphasis on risk management. Skaleet adopts a systematic risk-based approach, applying, for example, the EBIOS RM method to identify, assess, and control risks. For each feature, a risk analysis is conducted before delivery.

Skaleet thus ensures a secure and resilient infrastructure to comply with DORA requirements, with several data centers having the same capacity, data encrypted at rest and in transit, transaction security, risk control, etc. 

Identification of attacks and responses to security incidents

Skaleet has security incident response plans that set out the procedures to follow in the event of an incident, in order to ensure an effective response and maintain business continuity under the best conditions.

At the same time, DORA also imposes strict deadlines for reporting these incidents and alerting other players in the same sector. In other words, if an attack is detected, the company must quickly alert other institutions by providing specific information, such as the attacker's IP address, so that they can protect themselves.

In addition, Skaleet provides permanent cybersecurity monitoring.

Skaleet centralizes platform events and, based on constantly evolving rules, raises and then qualifies security alerts in the event of suspicious behavior or actions. To ensure a response, a security team and a technical team handle incidents, qualify them, and take the necessary actions: IP blocking, platform restoration, etc. 

Skaleet places security and compliance at the heart of its concerns. Our holistic approach and advanced security measures offer cutting-edge protection to financial institutions, ensuring a resilient and secure infrastructure with a framework conducive to DORA compliance.

Would you like to learn more about our Core Banking Solutions? Contact our teams.
