How Sheltered Harbor Supports DORA
Financial regulators in the European Union have created a new market for Sheltered Harbor. Over the last two years we have had a growing number of financial entities in the E.U. reaching out to us to discuss the Sheltered Harbor approach for defining Minimum Viable Operations and for promptly resuming critical business services. The market is indicating that Sheltered Harbor’s approach to resilience, which focuses on preparing to survive a devastating cyber outage (like a cyber attack), is almost a custom-made fit to address some of the E.U. regulators’ most significant risk concerns.
Sheltered Harbor has published a Position Paper on how Sheltered Harbor’s specifications and guides support DORA, and we have a high-level overview here.
The quick summary is:
- These are two frameworks with common intents around critical service availability.
- Both promote a focus on prompt resumption of critical service delivery after a devastating cyber outage.
- Both urge clear definition and planning for continuous support of Minimal Viable Operations.
- Both provide Implementation Roadmaps, which are well aligned.
- Sheltered Harbor’s Certifications provide evidentiary proof of compliance with some of DORA’s toughest requirements.
Sheltered Harbor’s position is that financial entities that operate in the EU should consider using the Sheltered Harbor approach to expedite their compliance with some of DORA’s most challenging requirements. Sheltered Harbor’s objective is consistent with DORA as it relates to enabling a financial institution to withstand and recover from a severe disturbance and, through Sheltered Harbor certifications, to demonstrate compliance with DORA’s requirements for this scenario. Sheltered Harbor vaulting standards are globally accepted as the definitive approach to ensure that data is protected from loss of availability, regardless of the cause. Further, Sheltered Harbor’s implementation guides lay a groundwork for continuing to assess and address business and technology operational risk and mitigations for less severe outages.
Resilience Planning is exactly what the E.U. Regulators want to see
Defining the path to resilience is one of the earliest challenges for any organization contemplating such a program. Sheltered Harbor provides an excellent starting point; clear guidance on how to make progress; certifications to prove compliance; and an ecosystem of Alliance Partners that can help any financial entity complete its plans and its journey toward digital operations resilience.
Data Vaulting with proof of data availability is required by DORA
By incorporating the Sheltered Harbor data vaulting approach into its BC / DR plans, a financial institution significantly enhances its ability to recover and continue delivery of critical business services.
Sheltered Harbor’s vaulting certifications provide evidence that not only is the architecture compliant, but that the processes for loading and unloading the vault are properly controlled and reliable.
Certifications can provide evidentiary proof of compliance
The control objectives required by Sheltered Harbor align neatly to DORA ICT standards in support of resilience.
The scope and coverage prescribed by the independent Sheltered Harbor audits are comprehensive. These audits can provide a solid foundation and starting point, along with offering potential reliance for the DORA examinations.
EU financial institutions that achieve Sheltered Harbor certification attain comfort that controls, safeguards and ICT compliance requirements exist and align to key DORA ICT standards.
Download the full Position Paper
Click the link above to download the full position paper for more details on how Sheltered Harbor can help your organization with its DORA compliance program.



