In brief
- The DORA regulation demands end-to-end visibility across people, processes and technology. It provides a detailed set of targets for financial organizations that must be addressed from January 17, 2025. Zoreza Global is partnering with companies like Asana to help structure and manage this work
- Zoreza Global is helping global financial organizations face two challenges: Intensify governance while increasing the speed of innovation. We begin by creating a real-time digital twin that includes people, processes and technology in a graph model. There’s no need to establish a complete enterprise model before you start — that’s the beauty of graph models
- An automatically maintained graph platform, delivering real-time visibility of people, processes and technology, must be a primary governance and AI investment for the enterprise. Being able to model potential risks dynamically and the blast radii of outages are potential benefits of having a digital twin in place, with possibly significant cost savings in resilience testing and “what-if” modeling
Zoreza Global is helping financial companies simultaneously increase the speed of innovation and satisfy the demand for greater governance and compliance.
The latest EU regulatory requirement, the Digital Operational Resilience Act (DORA), addresses issues of systemic and concentration risk in the global financial system.
DORA comes into effect on January 17, 2025 and holds the management team directly responsible for ICT management. Detailed act stipulations affect the people, processes and technology of every large financial organization.
Board members, executive leaders and other senior managers are expected to define appropriate risk management strategies, actively assist in executing them and stay current on their knowledge of the ICT risk landscape, including third-party providers.
Leaders can be held personally accountable for an entity's failure to comply
Article 8: Digital Operational Resilience Act
I spent a weekend copying and pasting the entire act line-by-line into a spreadsheet (from 79 pages to 234 line items).
Filter and sort DORA chapters and articles
A Zoreza Global colleague, Jorge Alberto Iduma Valdez, then loaded the spreadsheet into a Neo4j graph (available on a public GitHub repository).
DORA in a spreadsheet
DORA has implications for people, processes and technology, so I sorted each of the 234 items according to my personal category assessments: People (21), process (156) and technology (57).
People, process and technology in DORA
The count of items per article is no indication of the time, cost or impact of implementation and will differ for each organization, but it gives you an idea of the spread of thinking in the document.
The table below shows the chapter and article headings and the number of items under each. You can filter and sort on each of these to focus on areas of key importance to you.
Note to the regulator: Elements of the paragraph structure in the DORA document are not particularly data friendly.
Summary of DORA requirements by chapter and article heading
Even if only used for quick reference, this is much easier than scanning the DORA regulation. It provides a sound basis for tracking and running a DORA project in your organization, so feel free to use it or contact Zoreza Global; with our partner Asana, we can help create and run a program of work with your team.
DORA in a graph
The graph is extensive, but the model is not complicated.
In the diagram below, the term “Domain” refers to the people/process/technology dimension. Additionally, there are interconnected relationships between items, where articles refer to each other.
The graph is available on this GitHub repository.
DORA as an Neo4J graph
Why are we doing this?
Digital governance at speed. Global financial organizations face two challenges: Intensify governance while increasing the speed of innovation.
Companies can do both and should begin by creating a real-time digital twin that includes people, processes and technology in a graph model.
There’s no need to establish a complete enterprise model before you start — that’s the beauty of graph models. Just begin by modeling what you know, or use this DORA model.
1. Meet the regulatory demand for maturity in digital governance
The DORA regulation demands end-to-end visibility across people, processes and technology.
It provides a detailed set of targets for financial organizations that must be addressed from January 17, 2025. We’re partnering with companies like Asana to help structure and manage this work.
Please get in touch if you’re unclear about your DORA position.
Future iterations of DORA requirements are likely as the regulator digs deeper into the control and governance of complex cloud and on-premises deployments. In my opinion, addressing these digital requirements with existing reporting solutions will become less and less effective.
An automatically maintained graph platform, delivering real-time visibility of people, processes and technology, must be a primary governance and AI investment for the enterprise.
Being able to model potential risks dynamically and the blast radii of outages are potential benefits of having a digital twin in place, with possibly significant cost savings in resilience testing and “what-if” modeling.
2. Faster innovation by creating a network of AI metadata
Graphs provide context for AI.
As Tony Seale has constantly pointed out, AI needs connected data. Although the accuracy of LLMs still needs to improve, Gartner and others have already recognized the centrality of knowledge graphs for GenAI.
Source: Gartner
My vision is for an executive to type in a question about value, risk or performance and get an immediate model response directly relevant to their organization.
What’s the cost of answering a question?
I believe organizations must begin this initiative now. Companies like JPMC are hiring intensively in this space. The cost of asking a question will only increase and at some point, those with graph-enabled, enterprise-wide AI solutions will simply have too much of a competitive advantage.
Find out more
Zoreza Global has teams at low-cost, global locations, linking LLMs into graphs and demonstrating the value and speed of this approach.
If you’re as excited about the possibilities of graph-enabled, company-wide AI solutions as we are and you’d like to learn more about DORA’s implications for your organization, contact us.