The Digital Operational Resilience Act (DORA) is now a reality for financial institutions and their service providers. In 2026, the focus will shift...
Effectively Implementing Third-Party Risk Management under DORA
read more
Financial Sector & Compliance
EU Cyber Resilience Act (CRA): Threat Modeling as a Compliance Accelerator
The Cyber Resilience Act (CRA) is fundamentally changing how companies must prove the security of their digital products. In the future, security...
DORA Deep Dive: Threat-Led Penetration Testing (TLPT)
Since the publication of the original blog post in May 2024, the final version of the RTS for TLPT has been released. The blog post has been updated...
DORA Requirements Become More Concrete: Further RTS and ITS Published
Original publication date: July 30, 2024. Since this blog post was published, the final versions of the RTS and ITS have been released. You can find...
Update to the SWIFT Customer Security Controls Framework: What Changes Does CSCFv2026 Introduce?
Since 2017, the Customer Security Controls Framework (CSCF) has been helping organizations to effectively secure their SWIFT infrastructure. The aim...
Navigating DORA: Delvag's Successful Journey from Gap Analysis to Compliance
A cyberattack on an insurance company is far worse than just a technical problem: in addition to the breakdown of central IT systems, there is also...
New BSI Criteria Catalogues: Guidelines for the Use of AI in the Financial and Administrative Sectors
The German Federal Office for Information Security (BSI) has published two new sets of criteria for evaluating Artificial Intelligence (AI). They...
SWIFT CSCFv2025: Current Version of the Framework Brings Changes for Architecture Type B
Since its introduction in 2017, the Customer Security Controls Framework (CSCF) has aimed to strengthen the security of the SWIFT network. The aim...
7 Questions about the Cyber Resilience Act (CRA)
1. What is the Cyber Resilience Act? With the Cyber Resilience Act (CRA for short), the EU is introducing a regulation for the first...
Our 3 Key Takeaways from the BaFin Workshop on the DORA Register of Information
Original publication date: March 10, 2025. Since the publication of this blog post, BaFin has postponed the deadline for submission from April...
DORA News: Deadline for Information Registers, Lift of German Supervisory Requirements for IT in Financial Institutions
Original publication date: January 14, 2025. Since the publication of this blog post, BaFin has postponed the deadline for submission from April 11...
DORA Countdown: One Month Left Until the Deadline
DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.