The BCMLogic One platform supports the implementation of DORA compliance management in 6 key areas:

- ICT risk management
- ICT supplier management
- Incident management
- Business continuity management
- Testing operational digital resilience
- Modeling and managing dependencies at the interface between business and IT

We use our proprietary GRC AI model (www.bcmlogic.com/ai) as a complementary element. This AI solution is dedicated to GRC (Governance, Risk, Compliance) and combines the ease of interaction provided by ChatGPT-style tools with current specialist knowledge and a dedicated model (knowledge base) on the functioning of security in business. Having this specialist knowledge, the model then learns how your organization operates (based on documentation, regulations, policies, data in systems, and the risk and incident registers) and supports the 6 management areas mentioned above. Our AI model also works in the on-premise model, where data is not transferred externally at any time.
ICT risk management
The BCMLogic platform allows you to identify, assess and manage risks at various levels of the organization and within various risk categories, in particular operational, strategic and specialized risks (business continuity, information security). Risk assessment methods are also supported for areas such as cloud computing (in line with the KNF announcement) and ESG risk. The application guides users through the full cycle - from identifying risks, through assessing their impact and probability, to introducing and monitoring risk reduction plans and subsequently auditing the solutions used. An integral part is the management reporting module and the monitoring of KRI indicators. As part of DORA, we use a risk management methodology in accordance with the ISO 31000 standard and use AI to support the identification of the causes and effects of risk and the assessment of compliance with industry standards and reference models.
ICT supplier management
The supplier and contract register combined with the Risk and Audit modules enables regular risk assessment and monitoring of contractual arrangements with external ICT service providers. We use AI to monitor suppliers based on financial data and data collected from business registers, which are assessed by the model and verified in accordance with the criteria required by the Organization. Our model also performs a preliminary assessment of the security documentation provided by the supplier and the results of self-assessment (surveys on the platform).
Incident management
The Incident Management Module offers everything an advanced organization needs to meet DORA requirements in this area. Particular attention should be paid to the requirement to "Centralize the reporting of serious ICT-related incidents". The organization may use several sources of information about incidents, especially where a given sector is at the interface with another management area (BCM incidents, information security incidents, operational events, etc.). BCMLogic allows for simple integration of these sources and further incident management in one place. We use AI to classify incidents (triage).
Business continuity management
The platform supports the full BCM management cycle - from BIA analysis, through the creation and management of emergency procedures, tests and handling incidents affecting business continuity. In the context of DORA, a required element is to conduct a BIA (Business Impact Analysis), a MAK (minimum acceptable configuration) analysis and document how the organization ensures business continuity and resilience within the business-defined requirements and time constraints. The entire process is supported by the BCMLogic One platform.
Testing operational digital resilience
Testing operational resilience means regularly performing and supervising various types of tests: from staff simulations, through tests of security systems, recovery and restoration of key business process applications, to penetration tests and social engineering. BCMLogic supports the full life cycle of such tests - from preparing assumptions, through implementation and supervision of applications and required changes and improvements. The testing element is a repository of operational procedures and emergency plans.
Modeling and managing dependencies at the interface between business and IT
One of the key elements of DORA is the management of connections at the interface of business functions and processes, IT services, suppliers and infrastructure. The BCMLogic application allows you to model these dependencies and feed data into individual layers from various data sources in the organization (for example: AD - organizational structure, CMDB - IT infrastructure, BPM - processes, etc.). This model, which meets DORA requirements, allows you to quickly and easily determine how infrastructure elements, ICT providers or IT services affect key functions performed by the business and how their availability, confidentiality and security affect the risk level and resilience of the organization.