The DORA doesn’t directly name escrow as a viable proportional component of stressed exit plans, but that doesn’t mean escrow isn’t the solution. “Remember, DORA is technology agnostic and cannot name a solution, but there’s a clear reason why the likes of the PRA, OCC, RBI, and MAS all name escrow: It works,” Scott says.

Regardless of the priorities set by an organization, it’s important to have a multidisciplinary team in which technical staff plays a central role, and CISOs should advocate for this. That way, compliance and security measures can go in tandem. Focusing solely on a top-down compliance approach without involving technical staff might create problems down the line, according to Beltug, the largest Belgian association of CIOs & Digital Technology leaders.

If getting ready for the Act seems overwhelming, hiring the right people and bringing in advisory and legal expertise can help. Brandon says that once there’s “a good understanding of what’s in scope, it will be easier to form an internal team from relevant departments, such as infosec, compliance, procurement, and legal.”