Source URL: https://cloud.google.com/blog/products/identity-security/the-eus-dora-has-arrived-google-cloud-is-ready-to-help/
Source: Cloud Blog
Title: The EU’s DORA regulation has arrived. Google Cloud is ready to help
Feedly Summary: As the Digital Operational Resilience Act (DORA) takes effect today, financial entities in the EU must rise to a new level of operational resilience in the face of ever-evolving digital threats.
At Google Cloud, we share your commitment to the goals of DORA. We believe in building a more resilient and secure financial sector, and we’re here to support you with your DORA compliance journey. Our comprehensive suite of services, resilient infrastructure, and deep understanding of the regulatory landscape can help enable your success.
To accelerate your DORA efforts, today we’re excited to share our DORA Customer Guides on the Register of Information and Information and Communications Technology (ICT) Risk Management, and our new Google Cloud Third-Party Risk Management Resource Center. In addition, financial entities can request our DORA subcontractor list starting today.
These materials build on the DORA contract resources that we shared in February 2024, and reaffirm our mission to make Google Cloud the best cloud for DORA compliance.
aside_block
Empowering you with DORA Customer Guides
DORA requires financial entities to develop a comprehensive ICT risk management strategy. This can be a complex undertaking, requiring a deep understanding of potential threats and vulnerabilities. Our ICT Risk Management Customer Guide accelerates this process for Google Cloud by mapping DORA requirements to specific Google Cloud offerings. This can help you build a robust ICT risk management framework with our services.
DORA requires financial entities to maintain a detailed register of all their ICT service providers. This register needs to include specific information about your contracts and service providers, and it must follow a specific template. Our Register of Information Customer Guide can help simplify the process and provides the information you need from us to complete the relevant templates for Google Cloud services.
Trust through transparency about subcontracting
Transparency and risk management are paramount when it comes to subcontracting. DORA recognizes this by requiring financial entities to have a clear understanding of their ICT service providers’ subcontracting arrangements and defined subcontracting conditions.
To provide the transparency you need, we’ve updated our Subcontractor List to align with DORA’s requirements. You can request this list by contacting your Google Cloud account representative.
We’re also committed to maintaining a robust third-party risk management program that meets the highest standards of security. Our Third-Party Risk Management Resource Center provides information about how we select, manage, and monitor our subcontractors at Google Cloud, giving you insight into how we carefully manage your exposure to third-party risk.
Looking ahead
Alongside our customers, Google Cloud has been preparing for DORA for some time and as we enter an important new phase, we are as committed as ever to helping you succeed under DORA.
We’re also dedicated to collaborating with policymakers as they finalize important details of DORA, such as the outstanding Regulatory Technical Standard on Subcontracting. By working together, we believe the sector can achieve a strong and effective framework for implementing DORA.
Our goal is to make Google Cloud the best possible service for sustainable, digital transformation for European organizations on their terms — and there is much more to come.
AI Summary and Description: Yes
**Summary:** The text focuses on the implementation of the Digital Operational Resilience Act (DORA) within the EU financial sector, emphasizing Google Cloud’s commitment to support compliance efforts. It introduces resources designed to assist organizations in building operational resilience against digital threats, particularly highlighting the importance of risk management and subcontractor transparency.
**Detailed Description:**
The Digital Operational Resilience Act (DORA) is a significant regulatory framework aimed at enhancing the operational resilience of financial entities in the EU. As it comes into effect, the following points illustrate its relevance and the ongoing support provided by Google Cloud:
– **DORA Compliance Support**: Google Cloud positions itself as a partner for financial entities aiming for compliance with DORA. This is vital as organizations must adapt to heightened operational resilience requirements.
– **Regulatory Navigation**: Google Cloud offers a suite of services tailored to assist entities in navigating the complex regulatory landscape surrounding DORA. This includes infrastructure solutions and compliance resources.
– **Customer Guides**: They have introduced DORA Customer Guides, which serve to clarify the requirements for:
– **Information and Communications Technology (ICT) Risk Management**: DORA mandates a comprehensive ICT risk management strategy for financial entities. Google’s guide helps organizations map these requirements to specific Google Cloud offerings, facilitating the building of a strong risk framework.
– **Register of Information**: Financial entities must maintain a detailed register of all ICT service providers. Google offers templates and guidance to streamline this process.
– **Third-Party Risk Management**: Recognizing the significance of subcontractors, Google Cloud emphasizes the need for transparency in subcontracting relationships. By updating the Subcontractor List to reflect DORA’s requirements, Google aims to assist organizations in understanding and managing their exposure to third-party risks.
– **Collaboration with Policymakers**: Google Cloud is actively involved in discussions with policymakers to refine elements of DORA, including the forthcoming Regulatory Technical Standard on Subcontracting. This collaborative approach underscores their commitment to supporting a robust implementation framework for DORA.
– **Continuous Improvement**: Google Cloud expresses a commitment to evolving its services and support for customers in the EU financial sector, ensuring alignment with DORA’s ongoing developments and requirements.
This text demonstrates the convergence of regulatory compliance (DORA) with cloud computing services, highlighting the importance of strong operational resilience and security measures within the financial sector—critical areas for professionals involved in security, privacy, and compliance.