Discovering DORA change management through Dora the Explorer

Dora never embarks on an adventure without consulting her map. Similarly, DORA mandates that financial institutions develop comprehensive ICT business continuity policies as part of their ICT risk management framework. These policies should include procedures for ICT project and change management to ensure system continuity and resilience.

Change management implications:

• strategic planning helps organisations stay on course and achieve compliance efficiently
• a well-defined roadmap is crucial for navigating the complexities of ICT risks and ensuring all potential vulnerabilities are identified and addressed
• implementing a new risk management framework requires significant organisational change 
• clear communication of the new strategic plan, training sessions for employees to understand their roles within this plan, and regular updates to keep everyone informed of progress and adjustments are essential.

DORA places significant emphasis on the roles of executives and board members. The board of directors, referred to as the ‘management body’, is responsible for overseeing the entity’s adherence to digital operational resilience standards. This includes ensuring robust oversight, control, and input on policies and procedures, even within complex group structures. Board members must maintain and update their knowledge on ICT risks, necessitating regular, specific training to ensure they understand ICT security, the entity’s specific ICT risks, and the strategies in place to mitigate these risks.

Just as Dora uses her map to navigate through various challenges, financial institutions must integrate the following regulatory standards as a guide, to ensure smooth and secure operations.

• Comprehensive ICT risk management framework: DORA requires a robust framework for managing ICT risks, covering the full project lifecycle, and including a change management procedure to maintain resilience and prevent vulnerabilities.
• ICT third-party risk management: institutions must review third-party service changes to ensure they don’t compromise operational resilience, updating contracts to align with DORA’s change management requirements.
• Digital operational resilience testing: financial entities must perform regular testing to evaluate change impacts and ensure rapid recovery from ICT disruptions, including thorough impact assessments prior to changes.

Change management implications.

• Integrating these standards is akin to Dora’s meticulous planning and problem-solving. 
• Financial institutions must adopt a similar approach by thoroughly assessing risks, engaging all stakeholders, and ensuring all systems and processes are resilient and compliant with regulatory standards.

In Dora’s world, Swiper the Fox represents unforeseen challenges. For us, cyber threats are the “Swipers” we must guard against. DORA’s stringent security measures emphasise the importance of proactive defences. By implementing robust cybersecurity protocols, organisations can prevent malicious actors from compromising their systems, ensuring data integrity and operational continuity.

Change management implications.

• Enhancing cybersecurity protocols involves changes in daily operations and behaviour.
• Employees need to be trained on new security measures, and there must be a cultural shift towards vigilance and responsibility.
• Regular testing and simulations can help embed these practices into the organisational fabric.

Dora’s adventures are successful because of her collaboration with Boots, her trusted companion. Similarly, DORA compliance necessitates active engagement with stakeholders, including internal teams, partners, and regulators. Effective communication and collaboration ensure that all parties are aligned and committed to enhancing digital resilience, fostering a unified approach to compliance.

Change management implication:

• stakeholder engagement is key to successful change management
• identifying all relevant stakeholders, understanding their concerns and expectations, and keeping them informed and involved throughout the compliance process is vital
  regular meetings, feedback sessions, and transparent reporting can facilitate this engagement.

Dora’s backpack is always equipped with essential tools for her journey. For financial institutions, DORA requires an array of tools and policies to ensure digital resilience. This includes updated ICT systems, robust incident response plans, and continuous monitoring mechanisms. Being well-equipped ensures organisations can meet regulatory requirements and swiftly address any disruptions.

Change management implications.

• Introducing new tools and systems can be disruptive. 
• Effective change management involves planning the deployment of these tools, providing thorough training to all users, and offering ongoing support. 
• Additionally, feedback mechanisms should be in place to address any issues or improvements needed post-implementation.

Each of Dora’s adventures concludes with a celebration of success. Achieving DORA compliance is a significant milestone that reflects a cultural shift towards prioritising digital resilience. Celebrating these milestones acknowledges the hard work and dedication of all involved, reinforcing the importance of continuous improvement and adherence to best practices.

Change management implications.

• Recognising and celebrating achievements boosts morale and reinforces positive behaviour. 
• Regularly acknowledging milestones in the DORA compliance journey through team meetings, newsletters, and awards can motivate employees and sustain momentum towards continuous improvement.