Article

DORA Regulation: Is your business ready for the new requirements by January 17, 2025?

DORA introduces new requirements for IT security and risk management that impact the entire insurance industry. At Scalepoint, we understand the magnitude of this task and support our customers – both large and small insurers – in meeting the requirements.

Vice President, Risk & Compliance

Line Vedel Perlman

28.11.2024

Stricter requirements for suppliers going gorward

DORA places primary focus on whether a function is critical or important. Suppliers supporting a critical or important function will now face more stringent requirements from financial entities than before. Unlike Solvency II and the EIOPA Guidelines framework, DORA no longer limits the assessment to the impact of an interruption on the outsourced function. This means financial entities will impose more extensive, frequent, and in-depth oversight of their suppliers. They will also expect suppliers to effectively manage relevant subcontractors – enforcing control throughout the value chain, as a chain is only as strong as its weakest link.

To help our customers stay compliant, Scalepoint has expanded its oversight capabilities through several initiatives. Our new CISO ensures we, as a supplier and in collaboration with our subcontractors, meet the new standards.

Scalepoint delivers cost-effective DORA compliance

As a SaaS provider, we leverage the cost-efficiency of the SaaS model to support DORA requirements and reduce the burden on individual customers. Our security strategy includes ongoing resilience testing such as threat-based penetration tests, increased frequency of contingency drills, strict control of critical ICT suppliers, and a strong plan for incident response and rapid regulatory reporting.

5 ways we support DORA compliance

By choosing Scalepoint as your supplier, you can confidently focus on your core business while we ensure DORA compliance in our role as a critical third party.

  • Proactive on compliance and security – We align expectations early with customers when regulations are expected to impact our services, and we uphold high security standards
  • Effective incident handling – We guide you safely through incidents and help you manage the mandatory three-step notification process (initial alert, interim report, final report)
  • Security testing and audits – We strengthen our focus on security testing and provide ISAE3402 and ISAE3000 assurance reports
  • Increased contingency testing – You need to resume normal operations quickly in worst-case scenarios. Robust and reliable solutions are our license to operate
  • Help Center – We offer a platform that includes a dedicated Trust Center, detailing how we manage compliance and securit

Let us take on the compliance burden, so you can stay focused on your core business!