
Cybersecurity and data protection

Increasing digital resilience for Europe

Nowadays, IT infrastructure is a central pillar for many companies, supporting operational processes and keeping them running. To protect these processes from the increasing threat of cyber-attacks, companies, institutions and organisations need to make their IT infrastructure resilient and stable. This is particularly true in the financial sector, where the secure analysis, processing and storage of data is essential for business operations.

This is why the EU has launched the Digital Operational Resilience Act (DORA for short). DORA is part of the EU’s Digital Finance Package, which contains a series of regulations designed to ensure the operational resilience and security of the IT infrastructure of European financial service providers. DORA came into force at the beginning of 2023 and has been mandatory since the beginning of 2025.

Risk management and data protection for greater digital resilience

Two years is an extremely short period of time to implement the complex requirements of DORA in a practical manner. A central requirement of DORA: Institutions must specify which functions are critical and important for their business. They should set clear priorities and strengthen the parts of their infrastructure that are particularly relevant, regardless of whether the respective areas of the IT infrastructure are located within the company or outsourced. Once again, the broad structure of the association is paying off for the Savings Bank Finance Group: In addition to the savings banks, it includes highly specialised service providers such as Finanz Informatik (FI), the central digitalisation partner, and other IT service providers within the Group. In an overarching DORA project led by the DSGV, the FI provides the institutions with information on topics such as vulnerability management, network security or two-factor authentication and thus on the FI’s services.

The “RiMaGo” and “bit-compliance” software solutions, central control tools for risks, management and governance, which were previously adapted to DORA, also help the savings banks to implement the DORA requirements. The tools can be used to monitor the most important areas of management and IT in compliance with DORA and also to control the reporting processes required by DORA in the event of a security breach. In addition to the central implementation project of the DSGV, another company of the Savings Bank Finance Group, Sparkassen Consulting, offers support with implementation, application optimisation and employee training. This enabled the savings banks to optimally fulfil the new requirements of DORA despite the comparatively short start-up time and ensure the best possible implementation of the European requirements in terms of cyber security and data protection for the benefit of their customers.