The Digital Operational Resilience Act (DORA) requires the European financial sector to take comprehensive measures to improve the security of ICT systems. This also applies to cloud services, which play a central role in the IT infrastructure of financial organizations. In the EU research project ‘EMERALD’ (https://www.emerald-he.eu/), a research team is working on a use case for the development of a digital certification process for cloud services (Certification as a Service, CaaS) in the context of DORA.
Fabasoft is supporting EMERALD as a technology and use case partner. The aim of the research project is to continuously and automatically monitor and validate the security standards and compliance requirements of cloud services.
‘The development of software components is intended to ensure efficient working methods with maximum transparency and traceability, and in particular the risk assessment and evaluation of audit-relevant content,’ says Björn Fanta, Head of Research at Fabasoft.
The DORA pilot team is examining how EMERALD’s research results can be applied in the financial sector. The use case of CaixaBank, which is also part of the EMERALD consortium, serves this purpose. The bank defines procedures and requirements that must be adhered to when gathering information, evaluating and monitoring cloud service providers. These include due diligence checks, risk assessments and the creation of exit strategies. The project team uses the ‘Fabasoft DORA’ software, which specialises in the EU regulation, for the technical implementation of these requirements.
To ensure secure collaboration with external parties, financial organisations should be able to use the software to obtain all the information they need from their ICT service providers in a protected, digital environment in a process-controlled and secure manner.
Digital workflows are used to automate the integration and evaluation of the information by the respective parties involved. Those responsible for the process can track progress at any time. The software also supports ongoing monitoring by means of automated recurring checks. Electronic workflow signatures also document the checks carried out
In addition to Fabasoft and CaixaBank, the EMERALD consortium consists of nine other academic and industrial partners. Funding for the EU research project runs until the end of October 2026.
Backlinks (German):
- EU-Projekt EMERALD: Cloud-Zertifizierung im Finanzsektor (iavcworld.de)
- EU-Projekt EMERALD: Cloud-Zertifizierung im Finanzsektor (iavcworld.de)
- EU-Forschungsprojekt EMERALD: Fabasoft setzt sich für Cloud-Zertifizierung im Finanzsektor ein (rws-verlag.de)
- EMERALD: Fabasoft unterstützt Cloud-Zertifizierung (digitalbusiness-cloud.de)