Developed by Schuberg Philis experts Sandeep Gangaram Panday (Trust Officer) and Jeremy Oschmann (IT Auditor), the DORA Control Framework transforms DORA’s complex regulations into clear, actionable steps, empowering organizations to build long-term operational resilience.
Effective January 2025, DORA will require financial institutions across the European Union to enhance their digital operational resilience. The framework simplifies DORA’s extensive legal requirements, breaking them down into 8 domains, 29 sub-domains, and 90 actionable controls. This enables institutions to conduct gap analyses, prioritize improvements, and implement the necessary measures with confidence.
“Resilience is no longer a luxury; it’s a business imperative,” said Sandeep Gangaram Panday, Trust Accelerator Lead at Schuberg Philis. “With the DORA Control Framework, financial institutions can go beyond ticking compliance boxes. It’s about embedding resilience into every layer of the organization, from IT systems to critical business processes. This ensures they’re prepared not just for disruptions but for future growth and innovation.”
The framework emphasizes a tailored approach, allowing organizations to scale their efforts based on size, complexity, and risk profile. It also integrates governance tools, such as visual dashboards and maturity models, to support communication across all organizational levels.
“We designed this framework to be both practical and strategic,” added Jeremy Oschmann, Cyber Risk and Resilience Expert at Schuberg Philis. “It’s built on the principle that operational resilience is not a destination but a journey. Our goal is to help institutions navigate this journey effectively, turning regulatory compliance into a competitive advantage.”
The DORA Control Framework has been developed in close consultation with industry leaders and validated by NOREA’s Taskforce DORA. It aligns with existing standards, such as the Dutch Central Bank’s Good Practice for Information Security, making it easier for institutions to transition to DORA compliance.
For more information: DORA in control | Schuberg Philis