dora
Safeguard articles tagged "dora" — guides, analysis, and best practices for software supply chain and application security.
17 articles
DORA Subcontracting RTS: Inside Commission Delegated Regulation 2025/532
The DORA subcontracting RTS adopted on 24 March 2025 governs how ICT third-party providers may subcontract critical or important functions, in force from 22 July 2025.
DORA TLPT RTS: What the Threat-Led Penetration Testing Standard Requires
The Commission published the DORA TLPT RTS on 18 June 2025 with direct effect from 8 July 2025. Tests are mandated every three years, aligned to TIBER-EU methodology.
DORA Register of Information: Lessons From the First Submission
The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.
DORA Operational Resilience: Software Implications
DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.
Fintech Software Supply Chain Regulatory Map
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.