Preparedness for EU Digital Operational Resilience Act requirements
Swiss Re's position
Swiss Re is committed to digital operational resilience, recognizing its importance in safeguarding client assets, maintaining service continuity, and supporting system stability. We attentively follow regulatory developments, such as the EU Digital Operational Resilience Act (DORA). Our ongoing efforts focus on strengthening our cybersecurity measures, digital and technology resilience, and third-party risk management to prevent, withstand, and swiftly recover from disruptions.
Our approach aims to align with the key pillars of DORA, which focuses on ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, third-party risk management, and governance.
DORA
1. Comprehensive ICT Risk Management
Swiss Re identifies, assesses, and mitigates risks associated with ICT systems to prevent disruptions and safeguard data. We review and, where necessary, update our risk management framework to adapt to new threats and vulnerabilities.
2. Incident Management and Reporting
We have established robust mechanisms for detecting, reporting, and managing ICT-related incidents within prescribed timeframes, ensuring transparency and timely communication with stakeholders and regulatory authorities as necessary.
3. Resilience Testing
We conduct regular and thorough testing of our ICT systems, processes, and infrastructure to evaluate operational resilience under various scenarios, using the results of these tests to continuously improve our resilience measures.
4. Third-Party Risk Management
Swiss Re has implemented rigorous due diligence processes for selecting, monitoring, and managing ICT third-party providers, ensuring resilience requirements, performance metrics, and compliance with the applicable laws and regulations.
5. Governance
We strive to maintain robust governance, clear accountability, and proactive incident management, with senior management committees overseeing our resilience strategies.
Swiss Re views compliance not just as a regulatory requirement, but as a strategic imperative, and continuously aims to build and maintain a resilient digital environment, safeguarding our operations and the interests of our stakeholders.
With these measures, we aim to secure our clients’ trust and contribute to a stable and resilient digital financial environment.