Skip to main content
Question

Is anybody using LeanIX to respond to the Digital Operational Resilience Act?

  • February 7, 2024
  • 5 replies
  • 600 views
E

Hi All - we’re a european financial institution, looking to respond the the mapping and identification requirements of the Digital Operational Resilience Act (DORA).  Is anyone using LeanIX in their solutioning for this use case?

L

5 replies

Justin Swift
Forum|alt.badge.img+1
  • Justin Swift
  • Veteran
  • February 13, 2024

@EileenD in other posts, members suggest the use of the “Objective” factsheet type, and relate them to how an application or other fact sheet may meet the objective.

Quite often Objective sub-types are created to aid filtering for things like Directives, Regulations, Architecture Principles etc, as well as Business Improvement ones.

The Objective relation can be configured to have extra fields/attributes to add detail and context.

Hope this helps.

E
niladrinayak
E
  • EileenD
  • Author
  • Rookie
  • February 14, 2024

thanks @Justin Swift , makes sense for managing the regulatory change initiative alright.  This particular regulation requires us to identify and map all our technology against the business functions they support (with a cyber resilience focus), so LeanIX is a potential tool to deliver compliance, I’m wondering has anybody done this?  Or is anyone using it as a partial solution along with say ServiceNow or other tool(s)

S
Forum|alt.badge.img

Not yet, but we are also very interested in finding out how other financial service companies could benefit from LeanIX and solve DORA requirements within it. Do you also deal with the topic of reference architectures in LeanIX, which DORA requires?

E
E
  • EileenD
  • Author
  • Rookie
  • March 13, 2024

Interesting, I hadn’t seen the requirement for reference architectures in DORA, must investigate!  We are maturing our reference architecture in LeanIX as we adopt more of the metamodel - grappling with modelling the technology->application layers, investigating the TRM

S
Forum|alt.badge.img

@EileenD It seems that the scope is not yet completely clear and what a reference architecture for the various stakeholders looks like. It may well be that this refers to the security reference architecture. In any case, we are interested in further discussions on how DORA could benefit from LeanIX. 

 

One use case could be:

Operational Resilience
DORA requires IT disaster recovery plans and a robust IT architecture that can force organizations to adapt their business processes , IT infrastructure and applications to remain capable of acting in the
event of IT failures or security incidents

Security incidents could be linked to LeanIX so that it is clear which relations are affected.

 

However, we have not yet decided to implement this in LeanIX. 

E
Terms & ConditionsCookie settingsAccessibility statement