
SAP welcomes these regulatory changes to uplift EU cybersecurity and operational resiliency. SAP sees DORA as a codification of cybersecurity risk management and resiliency best practices. Since the law’s publication, SAP has worked in project mode to drive the implementation efforts and has created dedicated governance teams to ensure SAP’s ongoing DORA-readiness.

While DORA applies to financial institutions and affects SAP in its role as their ICT third-party service provider, SAP falls directly in the scope of the NIS2 Directive (Network Information and Security). The two laws overlap: NIS2 requires SAP to implement measures for cybersecurity risk management, vulnerability handling, incident reporting, business continuity and disaster recovery, and third-party security risk management, and DORA expects SAP to provide assurances to its financial customers that such measures are in place.