dora
Safeguard articles tagged "dora" — guides, analysis, and best practices for software supply chain and application security.
17 articles
DORA compliance for financial services: the software supply chain angle
The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.
DORA compliance for application risk management
DORA became fully applicable on 17 January 2025 with no grace period, and its ICT risk-management articles map almost line-for-line onto standard AppSec practice.
DORA regulation deep dive: ICT risk, testing, and third-party rules
The Digital Operational Resilience Act applies to EU financial entities and their ICT providers. Here are the five pillars, the register of information, and what your software supply chain now has to withstand.
Software Supply Chain Security for Financial Services
Banks, insurers, and fintechs now answer to DORA, PCI DSS 4.0, NYDFS 500, and SEC disclosure rules for the software they depend on. Here is what a supply chain security program needs, and how Safeguard delivers it.
DORA Financial Services Supply Chain Obligations in 2026
The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.
DORA Compliance for Fintech Engineering Teams
DORA has applied since January 2025. For engineers that means ICT asset inventories, 4-hour incident classification, TLPT, and a register of every software supplier.
DORA Third-Party ICT Risk for Financial Services 2026
A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.
Supply Chain Security for Financial Services 2026
Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.
DORA for Financial Services Software Supply Chain
How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.
Financial Services Supply Chain Controls for 2026
What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.
SBOM requirements for financial services under DORA
DORA now requires EU financial entities to track every software component down to the dependency level. Here's what the SBOM requirements actually mean.
DORA Concentration Risk: ESAs' Designation of Critical ICT Third-Party Providers
DORA Article 31 lets the ESAs designate critical ICT third-party providers (CTPPs) for direct EU-level oversight. First designations land in 2025-2026 from the Register of Information.