DORA Regulation

EU rules for digital resilience in the financial sector

Feb 7, 2025

DORA (Digital Operational Resilience Act) is the EU's response to the need for a more resilient financial sector and applies throughout the Union starting from January 2025. The regulation sets high requirements for how companies handle cyber threats and ensure that their systems can withstand attacks. An important part of this is having full insight into the software they run – and that is exactly where a Software Bill of Materials (SBOM) comes in.

DORA requires that financial companies and their suppliers can show that they have control over their systems and that they can quickly identify and address vulnerabilities. An SBOM gives you a detailed inventory of every component in your software, which makes it far easier to keep track of security risks. An SBOM also simplifies incident reporting and demonstrating that you comply with DORA's requirements for transparency and accountability.

DORA also sets strict requirements for reporting security incidents. Companies must be able to report incidents quickly and efficiently, and an SBOM helps identify which components are affected and how they impact operations.

With SBOM, you can:

  • Meet DORA's transparency requirements: Show exactly which components are included in your software.

  • Improve incident handling: Quickly identify and address vulnerabilities that can affect operations.

  • Collaborate with suppliers: Require SBOMs from suppliers to ensure that the entire supply chain is secure.

An SBOM is a powerful tool for meeting DORA's requirements and building a more resilient financial sector.
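As an added illustration of the incident-handling point above (example code, not from the original page): given a CycloneDX-style SBOM and an advisory feed, it lists the components that are affected and the dependency chain that shows which service they reach. The SBOM, the package names and the advisory ids are constructed placeholders.

```python
import json
# Constructed CycloneDX-style SBOM for a hypothetical payments service (no real product or packages).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "svc-payments", "name": "payments-service", "version": "3.2.0"}},
  "components": [
    {"bom-ref": "pkg:maven/ex/http-client@2.4.1", "name": "http-client", "version": "2.4.1"},
    {"bom-ref": "pkg:maven/ex/json-lib@1.9.0", "name": "json-lib", "version": "1.9.0"},
    {"bom-ref": "pkg:maven/ex/crypto-utils@5.0.2", "name": "crypto-utils", "version": "5.0.2"}
  ],
  "dependencies": [
    {"ref": "svc-payments", "dependsOn": ["pkg:maven/ex/http-client@2.4.1", "pkg:maven/ex/crypto-utils@5.0.2"]},
    {"ref": "pkg:maven/ex/http-client@2.4.1", "dependsOn": ["pkg:maven/ex/json-lib@1.9.0"]}
  ]
}"""
# Constructed advisory feed: (component name, first fixed version, placeholder advisory id).
ADVISORIES = [("json-lib", "1.9.3", "ADV-PLACEHOLDER-001"),
              ("crypto-utils", "4.1.0", "ADV-PLACEHOLDER-002")]

def parse_version(v):
    """Numeric dotted versions only, which is all this constructed data uses."""
    return tuple(int(p) for p in v.split("."))

def affected_components(sbom, advisories):
    """Map bom-ref -> advisory id for every component older than its fixed version."""
    hits = {}
    for c in sbom["components"]:
        for name, fixed, adv in advisories:
            if c["name"] == name and parse_version(c["version"]) < parse_version(fixed):
                hits[c["bom-ref"]] = adv
    return hits

def dependency_paths(sbom, target):
    """Depth-first walk from the root component: every chain through which `target` is pulled in."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths, stack = [], [(root, [root])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        stack.extend((c, path + [c]) for c in graph.get(node, []) if c not in path)
    return paths

def incident_report(sbom_text, advisories):
    """Affected components plus the dependency chain that shows which service they reach."""
    sbom = json.loads(sbom_text)
    return {ref: {"advisory": adv, "paths": dependency_paths(sbom, ref)}
            for ref, adv in affected_components(sbom, advisories).items()}
```

Only json-lib is flagged here: crypto-utils 5.0.2 is already past the advisory's fixed version, so the report stays limited to what actually needs action.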

More about DORA

Below are videos from Finansinspektionen that go through the regulation and its requirements.

References

  • Finansinspektionen: DORA – a brief overview of DORA at Finansinspektionen and the resulting changes in Swedish law. (DORA, Finansinspektionen)

  • EIOPA: Digital Operational Resilience Act (DORA) – an overview of the DORA regulation and its purpose. (DORA, EIOPA)