Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

How To Manage Third Parties with DORA

In this video, discover an in-depth exploration of the significance and ramifications of third-party relationships within the framework of the Digital Operational Resilience Act (DORA). Our host, Guy Marong, engages in a comprehensive discussion with Pierre Noel covering various aspects of third-party management. Noel is an experienced CISO with deep understanding of the diverse nature of third parties. They unravel to the complexities involved in ensuring organizational resilience.


Play Video

Navigating Third-Party Management Challenges


The conversation recognizes how crucial third parties are in today’s business landscape. It highlights that even small engagements, like building maintenance or security services, can impact an organization’s security. They highlight the challenge posed by shared third-party arrangements across different teams within an organization.


From a cybersecurity perspective, the speakers underscore the critical role of resilience, not just in preventing incidents. Effectively responding to and recovering from such incidents is equally important. They emphasize on continuous risk assessment and monitoring. And also caution against the tendency to treat risk assessment as a mere box-ticking exercise. Instead the purpose is to gain genuine understanding of the risks involved. Additionally, they advocate for professionals to ensure that the assessment is relevant to the current risks.


Contractual obligations and external monitoring emerge as crucial elements in managing third-party relationships effectively. Noel encourages organization to include proactive external monitoring, such as continuous checks of third-party websites or the dark web.


The discussion also looks into how we assess third parties’ security levels and the need to help them enhance their security, particularly if they don’t meet our organization’s standards. They also emphasize the risk from fourth parties, like the partners of our third parties. Showing why we need to thoroughly assess risks and share information throughout the supply chain.


Embracing a Holistic Approach


In conclusion, organizations should follow a holistic approach to third-party management that extends beyond mere regulatory compliance. They underscore the need for a Chief Resilience Officer within organizations—a dedicated role responsible for overseeing resilience mechanisms across various risk domains and ensuring continuity in the face of disruptions.


Challenges related to termination of third-party relationships are also addressed. There is great emphasis on ongoing planning and resilience in the event of abrupt terminations due to security incidents or contractual breaches. Although contracts can discourage certain behaviors, we learn not to rely solely on contracts for organizational resilience.


Overall, the video offers a comprehensive exploration of the multifaceted challenges and considerations involved in managing third-party relationships under the regulatory framework of DORA.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.