GCP – The EU’s DORA regulation has arrived. Google Cloud is ready to help
As the Digital Operational Resilience Act (DORA) takes effect today, financial entities in the EU must rise to a new level of operational resilience in the face of ever-evolving digital threats.
At Google Cloud, we share your commitment to the goals of DORA. We believe in building a more resilient and secure financial sector, and we’re here to support you with your DORA compliance journey. Our comprehensive suite of services, resilient infrastructure, and deep understanding of the regulatory landscape can help enable your success.
To accelerate your DORA efforts, today we’re excited to share our DORA Customer Guides on the Register of Information and Information and Communications Technology (ICT) Risk Management, and our new Google Cloud Third-Party Risk Management Resource Center. In addition, financial entities can request our DORA subcontractor list starting today.
These materials build on the DORA contract resources that we shared in February 2024, and reaffirm our mission to make Google Cloud the best cloud for DORA compliance.
- aside_block
- <ListValue: [StructValue([(‘title’, ‘$300 in free credit to try Google Cloud security products’), (‘body’, <wagtail.rich_text.RichText object at 0x3e3c64f63190>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectPath=/welcome’), (‘image’, None)])]>
Empowering you with DORA Customer Guides
DORA requires financial entities to develop a comprehensive ICT risk management strategy. This can be a complex undertaking, requiring a deep understanding of potential threats and vulnerabilities. Our ICT Risk Management Customer Guide accelerates this process for Google Cloud by mapping DORA requirements to specific Google Cloud offerings. This can help you build a robust ICT risk management framework with our services.
DORA requires financial entities to maintain a detailed register of all their ICT service providers. This register needs to include specific information about your contracts and service providers, and it must follow a specific template. Our Register of Information Customer Guide can help simplify the process and provides the information you need from us to complete the relevant templates for Google Cloud services.
Trust through transparency about subcontracting
Transparency and risk management are paramount when it comes to subcontracting. DORA recognizes this by requiring financial entities to have a clear understanding of their ICT service providers’ subcontracting arrangements and defined subcontracting conditions.
To provide the transparency you need, we’ve updated our Subcontractor List to align with DORA’s requirements. You can request this list by contacting your Google Cloud account representative.
We’re also committed to maintaining a robust third-party risk management program that meets the highest standards of security. Our Third-Party Risk Management Resource Center provides information about how we select, manage, and monitor our subcontractors at Google Cloud, giving you insight into how we carefully manage your exposure to third-party risk.
Looking ahead
Alongside our customers, Google Cloud has been preparing for DORA for some time and as we enter an important new phase, we are as committed as ever to helping you succeed under DORA.
We’re also dedicated to collaborating with policymakers as they finalize important details of DORA, such as the outstanding Regulatory Technical Standard on Subcontracting. By working together, we believe the sector can achieve a strong and effective framework for implementing DORA.
Our goal is to make Google Cloud the best possible service for sustainable, digital transformation for European organizations on their terms — and there is much more to come.
Read More for the details.
