Digital Operational Resilience Act
At Avaya, we ensure your systems remain resilient and compliant with DORA standards, safeguarding your operations against disruptions.
Overview
The Digital Operational Resilience Act (DORA) is an EU regulation that aims to enhance the IT security and operational resilience of financial entities, including banks, insurance companies, and investment firms.
Effective January 17, 2025, DORA mandates stringent requirements for ICT risk management, incident reporting, and operational resilience.
Avaya's Commitment to Security
At Avaya, we prioritize the security and resilience of our digital operations in compliance with regulatory requirements. Our approach ensures robust risk management, continuous monitoring, and rapid response to ICT threats.
To enhance transparency, we have published a summary of our Risk & Security Policies, outlining our key principles, governance framework, and protective measures.
How Avaya Complies with DORA
At Avaya, we are committed to adhering to the Digital Operational Resilience Act (DORA) by implementing robust ICT risk management practices, ensuring comprehensive incident reporting, and conducting regular operational resilience testing. We will also manage third-party risks effectively and foster a culture of information sharing to enhance our overall cybersecurity posture. Our proactive approach to ensuring compliance with each of the 5 DORA Pillars underscores our dedication to maintaining the highest standards of operational resilience and IT security.
1. ICT Risk Management
Avaya implements a robust ICT risk management framework, integrating risk identification, assessment, mitigation, and continuous monitoring. It establishes governance policies, assigns clear responsibilities, and maintains an up-to-date risk register. Regular risk assessments and penetration testing ensure the resilience of systems against cyber threats.
2. ICT Incident Reporting
To comply with DORA’s incident reporting requirements, Avaya has developed an incident classification and escalation process. This sets up a structured process to detect, classify, and report major ICT-related incidents to relevant authorities within required timeframes. Automated monitoring tools and a dedicated response team enable timely detection and mitigation of threats.
3. Digital Operational Resilience Testing
Avaya conducts regular resilience testing, including vulnerability assessments, penetration testing, and scenario-based stress tests. It engages third-party experts for advanced testing, such as threat-led penetration testing (TLPT) where required. Test results are analysed to enhance cybersecurity controls and response capabilities.
4. ICT Third Party Risk Management
Avaya ensures strong oversight of third-party ICT service providers, integrating contractual clauses aligned with DORA requirements. It conducts due diligence, risk assessments, and ongoing monitoring of vendors to ensure their resilience. A structured exit strategy and contingency planning minimize disruption risks from vendor failures.
5. Information Sharing & Intelligence
To enhance cybersecurity resilience, Avaya participates in industry-wide intelligence sharing initiatives and collaborates with financial sector partners, regulators, and cybersecurity organizations. It maintains structured processes for sharing cyber threat intelligence while ensuring compliance with data protection and confidentiality requirements.
Avaya Solutions
Avaya Security Addendum
Our customers use Avaya's solutions to connect more effectively with their customers across the spectrum of communication vectors. Because of that, Avaya is focused on meeting its customers' needs while ensuring the confidentiality and security of the data.
As a sign of its commitment to customers' security, Avaya makes its standard security addendum available at the link below. Some solution scenarios may require modifications to this addendum, so please reach out to your Avaya account team to finalize it for your specific situation.
Incident Reporting
Avaya maintains a centralised incident reporting system that not only addresses DORA’s reporting obligations but also complies with other regulations such as the NIS2 directive. This system ensures efficient communication with customers and partners, guaranteeing that incidents are promptly reported and managed in accordance with regulatory requirements.
In the event of any incidents, we will ensure that you are promptly informed either through updates on our website or direct contact from your account manager.
As a customer, you can report anything that you feel may be of concern via our online portal, Avaya Support.
Compliance Programs
Avaya always maintains high standards of security and compliance. To ensure our customers' integrity, we maintain compliance with several key programs/standards.
Discover more on our compliance programs