DORA Readiness for Existing Provider Contracts

With the Digital Operational Resilience Act (DORA) coming into force, existing contracts with IT providers must be extended by around 40 mandatory minimum contents (Art. 30 DORA). For a portfolio of strategic provider contracts, evidence had to be produced within a few months that contracts, due diligence and exit scenarios are DORA-compliant.

Structured service due diligence per provider, gap analysis of existing contracts against the DORA catalogue, prioritised renegotiation, build-up of a contract repository including exit and subcontracting provisions. Close coordination with compliance, legal and the business units.

Timely establishment of contract compliance for several strategic providers, documented DORA compliance evidence, a viable process for ongoing follow-up.