As a software-as-a-service (SaaS) provider and customer-centric company, Duck Creek Technologies recognizes the importance of digital operational resilience in today’s evolving landscape. We believe many of our current practices already align with the obligations of the Digital Operational Resilience Act (herein referred to as DORA), ensuring the security, reliability, and continuity of our services. This overview provides our understanding of DORA, highlights key compliance areas, and demonstrates our commitment to fostering trust and delivering exceptional service.
DORA represents a comprehensive and forward-thinking regulation proposed by the European Union (EU) to enhance the operational resilience of the financial sector in the face of evolving digital threats. DORA acknowledges the increasing dependence of financial institutions on digital systems and aims to establish a harmonized framework to address digital operational risks effectively. DORA sets out several key objectives including enhanced resilience, risk identification and management, incident reporting and information sharing, and third-party risk management.
In an increasingly interconnected and digitalized world, ensuring the resilience of our operations and protecting the interests of our customers is of paramount importance. In anticipation of the adoption and implementation of DORA, we have proactively embraced its principles, incorporating them into our operational framework.
Duck Creek’s current operations already meet several of DORA’s key requirements.
- Risk Management Framework: We have implemented a risk management framework that enables us to identify, assess, and mitigate digital operational risks. Our comprehensive approach includes regular risk assessments, the implementation of appropriate controls, and ongoing monitoring and reporting.
- Governance and Oversight: To ensure effective governance and oversight, we have established clear roles and responsibilities, documented policies and procedures, and implemented regular assessments and audits. This ensures that our digital operational resilience measures are in line with the highest standards.
- Incident Reporting: We are committed to transparent and timely incident reporting. Our incident response procedures are designed to promptly detect, respond to, and report significant cyber incidents, operational disruptions, or other relevant events as required by DORA.
- Business Continuity Planning: We have developed business continuity and disaster recovery plans that allow us to maintain critical operations and services during disruptive events. These plans undergo regular testing, review, and refinement to ensure their effectiveness and adaptability.
- Third-Party Risk Management: Our approach to third-party risk management encompasses comprehensive due diligence, contractual arrangements that address operational resilience requirements, and ongoing monitoring and assessment of our vendors. We strive to maintain a resilient and secure ecosystem of trusted partners.
- Cooperation and Information Sharing: Cyber attacks against the financial industry frequently target multiple organizations at the same time. We actively collaborate and share relevant information with industry peers, regulators, and other stakeholders. By fostering open communication channels, we contribute to a collective understanding of emerging threats, best practices, and potential vulnerabilities in the financial sector.
- Retrospective Analysis: On at least an annual basis, we perform a review and approval of all company policies. As part of this review, we update company policies with consideration given to external incidents. This is intended to help us learn from other incidents and not fall victim to the same types of attacks.
At Duck Creek Technologies, we recognize the critical role that digital operational resilience plays in safeguarding our customers’ interests and ensuring the continuity of our services. By proactively aligning our practices with the potential obligations of DORA, we demonstrate our commitment to excellence, security, and reliability. As the financial industry evolves, we remain dedicated to adapting and improving our operational resilience measures to meet the ever-changing landscape of digital risks.