New Third-Party Management capabilities help organizations enhance resilience across the financial sector and operationalize DORA compliance
OneTrust, a leader in responsible data and AI management, has unveiled new capabilities aimed at bolstering resilience within the financial sector and facilitating compliance with the EU's Digital Operational Resilience Act (DORA). Building on its comprehensive Third-Party Management solution, OneTrust now offers pioneering features such as automated creation of DORA "register of information" reports and enhanced screening and compliance data.
1. The Importance of Cyber Resilience in Supply Chains
- Quote from Shiven Patel: "An organization's supply chain can be one of its biggest assets for efficiency and innovation, as well as its most significant obstacle to cyber resiliency."
- The Need for Risk Management Tools: With the rise of global mandates like DORA, organizations require deep visibility into their extended enterprise and efficient tools to manage risk at scale.
2. New Capabilities to Support DORA Compliance
- 4th- and Nth-Party Risk Management: Teams can now automatically identify, link, and assess fourth and nth parties, enabling efficient monitoring of concentration risks and compliance with proportionality requirements.
- Two-Click Register of Information Reporting: Quickly generate comprehensive reports detailing all contractual arrangements regarding ICT services provided by third-party service providers.
- Enhanced Risk and Compliance Data Feeds: Meet due diligence requirements by screening ICT service providers against robust datasets from partners like Dow Jones Risk & Compliance and SecurityScorecard.
3. Third-Party Management's Role in DORA Compliance
- End-to-End Risk Management: The Third-Party Management solution empowers organizations to centralize the risk management lifecycle, allowing for a data-centric, risk-based approach to identifying and mitigating risks.
- Cross-Domain Insights for Decision-Making: OneTrust’s platform facilitates alignment among internal teams and supports risk-aware decision-making, ultimately creating a more resilient third-party ecosystem.
4. Preparing for DORA Implementation in January 2025
- Key Requirements Addressed: Third-Party Management assists organizations in meeting DORA’s requirements, which include:
  - Pre-Contract ICT Assessment
  - Inventory, Link, and Report on the ICT supply chain
  - ICT Risk Treatment
  - ICT Lifecycle Management
- Integration with Compliance Automation: The synergy between Third-Party Management and Compliance Automation allows organizations to break down DORA regulatory requirements into actionable and measurable capabilities.
With the introduction of new capabilities designed to enhance resilience and ensure compliance with the EU's DORA, OneTrust is solidifying its position as a leader in third-party risk management. As organizations prepare for the upcoming DORA regulations in January 2025, OneTrust’s comprehensive solutions are vital for fostering a secure and scalable third-party ecosystem.