<case>

DORA: Mapping critical functions to assets to improve digital resilience

Ambition

We were brought in by a mid-size financial services company to assist in identifying critical functions and assets as part of its regulatory implementation of the European Digital Operational Resilience Act (DORA). The purpose was to establish the overview required by the regulation and to help the client identify which assets supported its most critical business functions.

Solution

We joined the project at a critical phase in the client’s journey to implement DORA. ‘Critical functions’ is a key concept in the DORA regulation, so these had to be identified before other implementation efforts could progress. We facilitated a process with the client’s senior leadership to identify and map functions and core business processes, and together with key representatives from the client’s leadership, we determined which of these should be considered mission critical.

After identifying critical functions, we supported the client in identifying the supporting assets, both infrastructure assets and relevant third parties. This enabled client management to identify critical assets and potential single points of failure in critical functions, and to progress with other DORA implementation efforts, such as facilitation of Register of Information exercises.

Outcome

We helped our client:

  • Achieve a consolidated overview of business processes across the organisation.
  • Gain an improved understanding of the organisation's critical functions and their dependencies.
  • Reach strategic alignment across executive leadership on the criticality of business processes, and a shared understanding of where to prioritise protective efforts.
  • Pave the way for compliance with DORA regulatory requirements.