What is DORA and what does it mean for Red Cactus Partners? The Digital Operational Resilience Act (DORA) is a European regulation that will apply from January 17, 2025, to financial institutions within the EU and their ICT service providers. This law requires entities in the financial sector (including banks, insurers, investment firms, and pension funds) to demonstrate that their digital resilience is properly in place. As part of this, requirements are also imposed on third parties that provide ICT services to these institutions.
Since Red Cactus often acts as a third-party ICT provider through its partners and distributors, it is possible that clients in the financial sector will request information about Red Cactus’s digital resilience. These requests may relate to due diligence, vendor assessments, or compliance audits.
To support our partners in this regard, we have created an official DORA Compliance Statement. This document is now available in our knowledge base at wiki.redcactus.nl under Files > SLA & GDPR Documentation (note: this page is only visible when logged in and is accessible exclusively to Red Cactus partners), alongside other relevant documents such as protocols, procedures, data processing agreements, SLAs, and more. Partners can use this document directly when responding to questions about DORA compliance.