DORA Compliance: Beyond automated reporting
While existing (generally sector-agnostic) TPRM tools increasingly include features for automated RoI submission, the true value of a TPRM tool lies in enabling key stakeholders and decision-makers to assess ICT third-party risks from the perspective of their organisation. That is certainly the case for the financial services sector, in light of the stringent governance requirements under DORA, which include requirements for the management to be strongly involved in managing ICT risks: from a requirement to develop and maintain relevant knowledge and skills, to the responsibility for the implementation of a solid ICT risk management framework (including a strategy on third-party risk), and the requirement to appoint a senior manager as responsible for overseeing risks related to using external ICT services.
This is where Complissimo makes the difference. Our DORA tool is designed with a deep understanding of the sector, focusing on identifying and mapping the organisation in an intuitive way. While the tool caters for first line TPRM at operational level (including automated RoI reporting), it also allows executives (as well as auditors and competent authorities) to follow up on ICT third party risk exposure from a more holistic perspective, however, with clear visual links to the organisation’s functions and with the ability to drill down to a more operational and/or technical level as much as needed for their supervisory tasks.
At Complissimo we are determined to set the gold standard for DORA tooling, offering financial entity stakeholders and decision-makers a true governance instrument and historical memory for the organisation that covers all DORA pillars. We're excited about the progress we've made towards offering such solution in the past weeks. Bonus: Because our tool is specifically developed for the financial services industry, it is more than a TPRM tool or even a DORA tool. Based on the feedback from financial institutions that have enrolled in our early-adopter programme, we are exploring additional features towards becoming a full scope GRC tool.
