Safeguard
Tag

dora

Safeguard articles tagged "dora" — guides, analysis, and best practices for software supply chain and application security.

17 articles

Compliance

DORA compliance for financial services: the software supply chain angle

The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.

Jul 8, 20265 min read
Compliance & Frameworks

DORA compliance for application risk management

DORA became fully applicable on 17 January 2025 with no grace period, and its ICT risk-management articles map almost line-for-line onto standard AppSec practice.

Jul 8, 20266 min read
Compliance

DORA regulation deep dive: ICT risk, testing, and third-party rules

The Digital Operational Resilience Act applies to EU financial entities and their ICT providers. Here are the five pillars, the register of information, and what your software supply chain now has to withstand.

Jul 1, 20266 min read
Solutions

Software Supply Chain Security for Financial Services

Banks, insurers, and fintechs now answer to DORA, PCI DSS 4.0, NYDFS 500, and SEC disclosure rules for the software they depend on. Here is what a supply chain security program needs, and how Safeguard delivers it.

Jul 1, 20266 min read
Regulatory Compliance

DORA Financial Services Supply Chain Obligations in 2026

The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.

Apr 20, 20265 min read
Compliance

DORA Compliance for Fintech Engineering Teams

DORA has applied since January 2025. For engineers that means ICT asset inventories, 4-hour incident classification, TLPT, and a register of every software supplier.

Apr 15, 20266 min read
Compliance

DORA Third-Party ICT Risk for Financial Services 2026

A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.

Mar 18, 20268 min read
Compliance

Supply Chain Security for Financial Services 2026

Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.

Mar 5, 20268 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Regulatory Compliance

Financial Services Supply Chain Controls for 2026

What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.

Jan 22, 20266 min read
SBOM & Compliance

SBOM requirements for financial services under DORA

DORA now requires EU financial entities to track every software component down to the dependency level. Here's what the SBOM requirements actually mean.

Jan 5, 20267 min read
Compliance

DORA Concentration Risk: ESAs' Designation of Critical ICT Third-Party Providers

DORA Article 31 lets the ESAs designate critical ICT third-party providers (CTPPs) for direct EU-level oversight. First designations land in 2025-2026 from the Register of Information.

Nov 26, 20258 min read
dora — Safeguard Blog