On Jul. 29, IRE INS issued an information note with DORA guidance.
IRE INS issued a Digital Operational Resilience Act (DORA) information note for trustees.
Document dated Jul. 29, 2024, was received on Dec. 7, 2024 due to a new feed.
DORA Requirements
Trustees will be required to document and maintain a comprehensive ICT risk management framework to include ICT business continuity plans and other policies.
This includes controls, as part of the overall risk management system.
Trustees will need to identify all sources of ICT risk and cyber threats on a continuous basis, along with ongoing monitoring of the security and functioning of ICT systems.
Effective management of ICT third-party risks by trustees will ensure that key contractual provisions are in place with service providers as per art. 30 of DORA.
Trustees will require a register of information on all contractual arrangements on the use of ICT services provided by third-party providers, amongst other things.
Trustees will also be required to manage and report major ICT-related incidents to IRE INS, keep a record of significant cyber threats, and test ICT systems on critical functions yearly.
Applicability
Schemes with 100 or more active and deferred members are subject to DORA obligations.
Those with 16-99 active and deferred members are subject to most DORA requirements.
A simplified version of the ICT risk management framework applies for these schemes, and they are exempt from performing advanced testing of ICT systems.
This includes exemption from having to adopt a strategy on ICT third-party risk.
Schemes with 15 or fewer active and deferred members will not be subject to DORA.
Nov. 2024 FAQ on Submission of Registers
On Nov. 28, 2024, IRE INS issued a Digital Operational Resilience Act (DORA) Q&A.
Document dated Nov. 28, 2024, was received on Dec. 7, 2024 due to a new feed.
Refers to the requirement for pension schemes to submit registers of information to IRE INS.
Regulators
IRE INS
Entity Types
Fiduciary; Pension
Reference
FAQ Version 1, 11/28/2024; Info, 7/29/2024; DORA Dir 2022/2556, Reg 2022/2554
Functions
Compliance; Cyber; Operations; Record Retention; Registration/Licensing; Reporting; Risk; Technology