I was just about to give up on the DORA series. If I found it boring, I can’t imagine how dull it must be for others, but a friend called me and asked me something about the approach. And when he told me how much money they paid on consultancy, contractors and tools so far, I changed my mind.
If my posts help even one company achieve compliance faster and at 10% less cost, I’ll be happy.
I will keep the pictures so that you can identify quickly the subject and…skip it if necessary. 😀
I will also write and post the rest of the series during the weekend to just finish it.
DORA project team. This is about the technical team, delivering DORA compliance.
The workstreams that I led were the strategy and governance, so I think I worked with all type of experts required in this type of project.
Three types of experts as below.
LEGAL
The legal expert is key. They will help with finding the best solutions for the governance part. What responsibilities you can allocate to the Board / Supervisory Board and to the Executive Team / Management Board. They will validate the reporting requirements so that the management body can perform their responsibilities. Some legal teams are so value-adding that they can explain to you how the regulator thinks about supervising on DORA.
RISK
I was the risk expert, but I wasn’t the only one. The risk expert in the respective business will be of great impact. They will help with defining the risk taxonomy. They will also help with developing the backbone of the digital resilience strategy simply because they have seen how other risk management strategies are developed.
IT TEAM
Finally, the IT team. I needed the following experts:
– IT information security
– IT architecture
– IT procurement
– IT change management
– IT business continuity and resilience
– IT data governance
– and IT risk management would be simply ideal
DECISION POWER
Actually, this is the final point. I pushed a lot for the team to have decision power. If the team is too junior and for every single point they need to go back to their line manager, the project takes ages.
You can find DORA text HERE.
Posted initially on LinkedIn: Claudia Craia
One response to “DORA Part 3 – Project team”
[…] DORA project· DORA Part 2 – How I would approach DORA implementation now· DORA Part 3 – My thoughts on how the project team should look· DORA Part 4 – Digital Operational Resilience Strategy· DORA Part 5 – […]