EU DORA: A new opportunity for Site Reliability Engineers

DORA sets out several requirements for financial services organisations; for example, financial services organisations must establish a comprehensive ICT risk management framework, implement incident reporting and management procedures, conduct regular operational resilience testing, and manage ICT third-party risk effectively. 

The regulation was issued on 27 Dec 2022 and is planned to come into force in January 2025. However, there is a transitional period of one year for financial services organisations to comply with the full requirements of the regulation, so January 2024 is a looming deadline. 

Failure to comply with EU DORA could result in financial penalties and public notices that could tarnish the reputation of many businesses. 

The UK’s equivalent of the EU DORA is currently in development. The UK government has stated that it will introduce regulation that is expected to be similar to DORA but tailored to the specific needs of the UK financial sector. 

In the meantime, the Prudential Regulation Authority (PRA) has issued guidance on operational resilience that sets out the expectations of the PRA regarding how financial institutions should manage operational risks. PRA SS1/21 Operational Resilience: Impact Tolerances for Important Business Services and SS2/21 Outsourcing and Third-Party Risk Management. 

• Compliance with operational resilience regulation will benefit customers. Financial services organisations are required to implement measures to improve the resilience of their systems and services, helping to reduce the risk of outages and disruptions which can have a significant effect on customers. 
• Improved protection from cyber threats will help to protect customers from cyber-attacks, such as fraud and data breaches. 
• Increased transparency and accountability ensures that financial services organisations are meeting their obligations to customers. 

There are practical implications for application engineering teams that are needed to ensure compliance with operational resilience regulation. Site Reliability Engineers (SREs) will also play a key role in helping financial services organisations comply with these regulations. 

SREs are responsible for the reliability, performance and scalability of large-scale applications. They have the skills and experience to help financial services organisations implement and maintain the ICT risk management and operational resilience capabilities required. 

SRE teams work with stakeholders to define and measure service reliability and then develop and implement metrics to measure the reliability of the service. They work with development teams to design and build reliable systems, including the consideration of factors such as redundancy, fault tolerance and monitoring. 

They monitor systems for incidents and respond to them quickly and effectively. They also identify the root cause of the incident and implement measures to prevent it from happening again, resulting in continuous improvements. 

SRE teams automate as many operational tasks as possible to free up time that can be better spent focusing on more strategic work, such as improving the reliability of the overall system. They share knowledge and promote best practices within the business, helping to improve the reliability of applications across the organisation. SREs can play a vital role in helping companies to comply with DORA and protect their businesses from ICT-related risks. 

GFT has extensive experience and expertise implementing site reliability for our financial services customers. 

Please feel free to contact us to discuss the operational resilience challenges faced by your organisation and to see how GFT can help.