The European Digital Operational Resilience Act, or DORA, adopted in November 2022, establishes a framework for strengthening the resilience of financial institutions, particularly banks and investment firms, when faced with risks related to information and communication technologies, including those related to identities and user access.

The first step in securing a company’s network and information system is to find out who has access to what and how, who granted access, and whether or not the granted access is legitimate. Some companies operate without established processes, while others rely heavily on manual procedures. Adopting automated user access reviews can help companies quickly and efficiently answer the regulatory directives posed by DORA while eliminating the time-consuming and costly methods currently being used to tackle these issues internally.