[{"data":1,"prerenderedAt":818},["ShallowReactive",2],{"globals":3,"article-reglementation-dora-latest-articles-fr":464,"article-article-reglementation-dora":490},{"de":4,"en":193,"fr":347},{"id":5,"documentId":6,"titleSeparator":7,"title":8,"createdAt":9,"updatedAt":10,"publishedAt":11,"locale":12,"logo":13,"favicon":27,"seo":40,"navigation":48,"header":128,"footer":137,"videoPoster":160,"localizations":181},70,"nxlpiutyi22j347lzjvtcmt9","|","Cybervadis","2025-03-26T10:37:37.549Z","2026-06-23T08:53:06.827Z","2026-06-23T08:53:07.128Z","de",{"id":14,"documentId":15,"name":16,"alternativeText":17,"caption":17,"width":18,"height":19,"formats":17,"hash":20,"ext":21,"mime":22,"size":23,"url":24,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":26,"updatedAt":26,"publishedAt":26},276,"ns1dycmcy8eby82nudaixp17","logo.svg",null,303,57,"logo_9f7aa692ba",".svg","image/svg+xml",4.05,"https://assets.cybervadis.com/strapi/assets/logo_9f7aa692ba.svg","strapi-provider-upload-azure-storage","2025-04-10T15:46:43.920Z",{"id":28,"documentId":29,"name":30,"alternativeText":17,"caption":17,"width":31,"height":31,"formats":32,"hash":33,"ext":34,"mime":35,"size":36,"url":37,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":38,"updatedAt":39,"publishedAt":38},122,"ngfzwjibdex3knh7ftwqfvjx","favicon.png",32,{},"favicon_032a9b11b1",".png","image/png",0.5,"https://assets.cybervadis.com/strapi/assets/favicon_032a9b11b1.png","2025-02-25T09:03:35.564Z","2025-02-25T11:54:37.400Z",{"id":41,"metaDescription":17,"metaImage":17,"metaTags":42,"scripts":43},1707,[],[44,46],{"id":45,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},123,{"id":47,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},124,{"id":5,"links":49},[50,75,98,103],{"id":51,"label":52,"to":53,"external":17,"target":17,"icon":17,"children":54},311,"Third-Party Risiken 
reduzieren","/third-party-risiken-reduzieren",[55,59,63,67,71],{"id":56,"label":57,"to":58,"external":17,"target":17,"icon":17,"display":17},8311,"Automatisierte Risikoanalysen","/third-party-risiken-reduzieren/automatisierte-risikoanalysen",{"id":60,"label":61,"to":62,"external":17,"target":17,"icon":17,"display":17},8312,"Evidenzbasierte Risikobewertung","/third-party-risiken-reduzieren/evidenzbasierte-risikobewertung",{"id":64,"label":65,"to":66,"external":17,"target":17,"icon":17,"display":17},8313,"Gemeinsame Risikoreduzierung","/third-party-risiken-reduzieren/gemeinsame-risikoreduzierung",{"id":68,"label":69,"to":70,"external":17,"target":17,"icon":17,"display":17},8314,"Framework-basierte Methodik","/third-party-risiken-reduzieren/framework-basierte-methodik",{"id":72,"label":73,"to":74,"external":17,"target":17,"icon":17,"display":17},8315,"Preise","/third-party-risiken-reduzieren/preise",{"id":76,"label":77,"to":78,"external":17,"target":17,"icon":17,"children":79},312,"Jetzt bewertet werden","/jetzt-bewertet-werden",[80,84,88,92],{"id":81,"label":82,"to":83,"external":17,"target":17,"icon":17,"display":17},8316,"So funktioniert es","/jetzt-bewertet-werden/so-funktioniert-es",{"id":85,"label":86,"to":87,"external":17,"target":17,"icon":17,"display":17},8317,"Individuelle Bewertungen","/jetzt-bewertet-werden/individuelle-bewertungen",{"id":89,"label":90,"to":91,"external":17,"target":17,"icon":17,"display":17},8318,"CyberVadis Badges","/jetzt-bewertet-werden/cybervadis-badges",{"id":93,"label":94,"to":95,"external":96,"target":97,"icon":17,"display":17},8319,"Help center (EN)","https://help.cybervadis.com/en/",true,"_blank",{"id":99,"label":100,"to":101,"external":17,"target":17,"icon":17,"children":102},310,"Ressourcen","/ressourcen",[],{"id":104,"label":105,"to":106,"external":17,"target":17,"icon":17,"children":107},313,"Über 
uns","/uber-uns",[108,112,116,120,124],{"id":109,"label":110,"to":111,"external":17,"target":17,"icon":17,"display":17},8320,"Warum CyberVadis","/warum-cybervadis",{"id":113,"label":114,"to":115,"external":17,"target":17,"icon":17,"display":17},8321,"Trust Center (EN)","/uber-uns/trust-center",{"id":117,"label":118,"to":119,"external":96,"target":97,"icon":17,"display":17},8322,"Careers (EN)","https://careers.cybervadis.com/",{"id":121,"label":122,"to":123,"external":17,"target":17,"icon":17,"display":17},8323,"Aktuelles","/de/aktuelles",{"id":125,"label":126,"to":127,"external":17,"target":17,"icon":17,"display":17},8324,"Kontakt","/uber-uns/kontakt",{"id":5,"info":17,"login":129,"button":134},{"id":130,"label":131,"to":132,"external":133,"target":17,"icon":17,"display":17},8325,"Demo buchen","/de/demo-anfordern",false,{"id":135,"icon":17,"label":131,"form":136,"display":133},1228,"demo",{"id":5,"newsletterTitle":138,"copyright":139,"legalLinks":140,"socialLinks":149},"Newsletter abonnieren","Urheberrecht © 2025. 
Alle Rechte vorbehalten.",[141,145],{"id":142,"label":143,"to":144,"external":17,"target":17,"icon":17,"display":17},8326,"Rechtliche Hinweise (EN)","/de/legal",{"id":146,"label":147,"to":148,"external":17,"target":17,"icon":17,"display":17},8327,"Datenschutzerklärung (EN)","/de/legal-notice",[150,155],{"id":151,"label":152,"to":153,"external":96,"target":97,"icon":154,"display":17},8328,"X","https://x.com/cybervadis","fa6-brands:x-twitter",{"id":156,"label":157,"to":158,"external":96,"target":97,"icon":159,"display":17},8329,"LinkedIn","https://www.linkedin.com/company/cybervadis/","fa6-brands:linkedin",{"id":161,"documentId":162,"name":163,"alternativeText":17,"caption":17,"width":164,"height":165,"formats":166,"hash":175,"ext":34,"mime":35,"size":176,"url":177,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":178,"updatedAt":179,"publishedAt":180},242,"vrv61ssc0oc744hr7dgkqznu","Video Preview",1028,690,{"thumbnail":167},{"ext":34,"url":168,"hash":169,"mime":35,"name":170,"path":17,"size":171,"width":172,"height":173,"sizeInBytes":174},"https://assets.cybervadis.com/strapi/assets/thumbnail_Design_sans_titre_6_f21ca94567.png","thumbnail_Design_sans_titre_6_f21ca94567","thumbnail_Design sans titre 
(6).png",14.9,232,156,14897,"Design_sans_titre_6_f21ca94567",18.5,"https://assets.cybervadis.com/strapi/assets/Design_sans_titre_6_f21ca94567.png","2025-03-12T09:54:21.008Z","2025-03-12T09:54:35.444Z","2025-03-12T09:54:21.009Z",[182,188],{"id":183,"documentId":6,"titleSeparator":7,"title":8,"createdAt":184,"updatedAt":185,"publishedAt":186,"locale":187},68,"2025-02-19T11:28:33.351Z","2026-06-23T08:53:07.327Z","2026-06-23T08:51:33.204Z","en",{"id":189,"documentId":6,"titleSeparator":7,"title":8,"createdAt":190,"updatedAt":185,"publishedAt":191,"locale":192},69,"2025-06-17T20:29:42.853Z","2026-06-23T08:52:32.610Z","fr",{"id":183,"documentId":6,"titleSeparator":7,"title":8,"createdAt":184,"updatedAt":185,"publishedAt":186,"locale":187,"logo":194,"favicon":195,"seo":197,"navigation":226,"header":301,"footer":324,"videoPoster":341,"localizations":344},{"id":14,"documentId":15,"name":16,"alternativeText":17,"caption":17,"width":18,"height":19,"formats":17,"hash":20,"ext":21,"mime":22,"size":23,"url":24,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":26,"updatedAt":26,"publishedAt":26},{"id":28,"documentId":29,"name":30,"alternativeText":17,"caption":17,"width":31,"height":31,"formats":196,"hash":33,"ext":34,"mime":35,"size":36,"url":37,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":38,"updatedAt":39,"publishedAt":38},{},{"id":198,"metaDescription":17,"metaImage":199,"metaTags":218,"scripts":219},1705,{"id":200,"documentId":201,"name":202,"alternativeText":17,"caption":17,"width":203,"height":204,"formats":205,"hash":214,"ext":34,"mime":35,"size":215,"url":216,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":217,"updatedAt":217,"publishedAt":217},284,"ntditjqus6ubg59uwiew5zqu","meta image by 
default.png",1200,630,{"thumbnail":206},{"ext":34,"url":207,"hash":208,"mime":35,"name":209,"path":17,"size":210,"width":211,"height":212,"sizeInBytes":213},"https://assets.cybervadis.com/strapi/assets/thumbnail_meta_image_by_default_5c51d0a0d5.png","thumbnail_meta_image_by_default_5c51d0a0d5","thumbnail_meta image by default.png",64.36,245,129,64355,"meta_image_by_default_5c51d0a0d5",210.02,"https://assets.cybervadis.com/strapi/assets/meta_image_by_default_5c51d0a0d5.png","2025-04-17T14:53:22.089Z",[],[220,222,224],{"id":221,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},118,{"id":223,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},119,{"id":225,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},120,{"id":183,"links":227},[228,252,272,277],{"id":18,"label":229,"to":230,"external":17,"target":17,"icon":17,"children":231},"Mitigate third-party risks","/mitigate-third-party-risks",[232,236,240,244,248],{"id":233,"label":234,"to":235,"external":17,"target":17,"icon":17,"display":17},8273,"Automated Risk Insights","/mitigate-third-party-risks/automated-risk-insights",{"id":237,"label":238,"to":239,"external":17,"target":17,"icon":17,"display":17},8274,"Evidence-based risk assessment","/mitigate-third-party-risks/evidence-based-risk-assessment",{"id":241,"label":242,"to":243,"external":17,"target":17,"icon":17,"display":17},8275,"Collaborative Risk Reduction","/mitigate-third-party-risks/risk-reduction",{"id":245,"label":246,"to":247,"external":17,"target":17,"icon":17,"display":17},8276,"Framework-based methodology","/mitigate-third-party-risks/framework-based-methodology",{"id":249,"label":250,"to":251,"external":17,"target":17,"icon":17,"display":17},8277,"Pricing","/mitigate-third-party-risks/pricing",{"id":253,"label":254,"to":255,"external":17,"target":17,"icon":17,"children":256},304,"Get assessed ","/get-assessed",[257,261,265,269],{"id":258,"label":259,"to":260,"external":17,"target":17,"icon":17,"display":17},8278,"How it 
works","/get-assessed/how-it-works",{"id":262,"label":263,"to":264,"external":17,"target":17,"icon":17,"display":17},8279,"Standardized Assessments","/get-assessed/tailored-and-standardized-assessment",{"id":266,"label":267,"to":268,"external":17,"target":17,"icon":17,"display":17},8280,"CyberVadis Medals","/get-assessed/medals",{"id":270,"label":271,"to":95,"external":96,"target":97,"icon":17,"display":17},8281,"Help center",{"id":273,"label":274,"to":275,"external":17,"target":17,"icon":17,"children":276},302,"Resources","/resources",[],{"id":278,"label":279,"to":280,"external":17,"target":17,"icon":17,"children":281},305,"About us ","/about-us",[282,286,290,293,297],{"id":283,"label":284,"to":285,"external":17,"target":17,"icon":17,"display":17},8282,"Why CyberVadis","/why-cybervadis",{"id":287,"label":288,"to":289,"external":17,"target":17,"icon":17,"display":17},8283,"Trust center","/about-us/trust-center",{"id":291,"label":292,"to":119,"external":96,"target":97,"icon":17,"display":17},8284,"Careers",{"id":294,"label":295,"to":296,"external":17,"target":17,"icon":17,"display":17},8285,"In the news","/in-the-news",{"id":298,"label":299,"to":300,"external":17,"target":17,"icon":17,"display":17},8286,"Contact","/about-us/contact",{"id":183,"info":302,"login":317,"button":321},[303],{"type":304,"children":305},"paragraph",[306,309,315],{"text":307,"type":308},"Already a CyberVadis client ? ","text",{"url":310,"type":311,"children":312},"https://app.cybervadis.com/","link",[313],{"text":314,"type":308},"You can access your account here",{"text":316,"type":308},"",{"id":318,"label":319,"to":320,"external":133,"target":17,"icon":17,"display":17},8287,"Book a demo","/request-a-demo",{"id":322,"icon":17,"label":319,"form":323,"display":133},1226,"demo-enterprise",{"id":183,"newsletterTitle":325,"copyright":326,"legalLinks":327,"socialLinks":336},"Subscribe to newsletter","Copyright © 2025. 
All rights reserved.",[328,332],{"id":329,"label":330,"to":331,"external":17,"target":17,"icon":17,"display":17},8288,"Legal mentions","/legal",{"id":333,"label":334,"to":335,"external":17,"target":17,"icon":17,"display":17},8289,"Data privacy","/legal-notice",[337,339],{"id":338,"label":152,"to":153,"external":96,"target":97,"icon":154,"display":17},8290,{"id":340,"label":157,"to":158,"external":96,"target":97,"icon":159,"display":17},8291,{"id":161,"documentId":162,"name":163,"alternativeText":17,"caption":17,"width":164,"height":165,"formats":342,"hash":175,"ext":34,"mime":35,"size":176,"url":177,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":178,"updatedAt":179,"publishedAt":180},{"thumbnail":343},{"ext":34,"url":168,"hash":169,"mime":35,"name":170,"path":17,"size":171,"width":172,"height":173,"sizeInBytes":174},[345,346],{"id":5,"documentId":6,"titleSeparator":7,"title":8,"createdAt":9,"updatedAt":10,"publishedAt":11,"locale":12},{"id":189,"documentId":6,"titleSeparator":7,"title":8,"createdAt":190,"updatedAt":185,"publishedAt":191,"locale":192},{"id":189,"documentId":6,"titleSeparator":7,"title":8,"createdAt":190,"updatedAt":185,"publishedAt":191,"locale":192,"logo":348,"favicon":349,"seo":351,"navigation":361,"header":434,"footer":441,"videoPoster":458,"localizations":461},{"id":14,"documentId":15,"name":16,"alternativeText":17,"caption":17,"width":18,"height":19,"formats":17,"hash":20,"ext":21,"mime":22,"size":23,"url":24,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":26,"updatedAt":26,"publishedAt":26},{"id":28,"documentId":29,"name":30,"alternativeText":17,"caption":17,"width":31,"height":31,"formats":350,"hash":33,"ext":34,"mime":35,"size":36,"url":37,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":38,"updatedAt":39,"publishedAt":38},{},{"id":352,"metaDescription":17,"metaImage":353,"metaTags":356,"scripts":357},1706,{"id":200,"documentId":201,"name":202,"alternativeText":17,"caption":17,"width":203,"he
ight":204,"formats":354,"hash":214,"ext":34,"mime":35,"size":215,"url":216,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":217,"updatedAt":217,"publishedAt":217},{"thumbnail":355},{"ext":34,"url":207,"hash":208,"mime":35,"name":209,"path":17,"size":210,"width":211,"height":212,"sizeInBytes":213},[],[358,360],{"id":359,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},121,{"id":28,"src":17,"tagPosition":17,"innerHTML":17,"defer":17},{"id":189,"links":362},[363,388,408,413],{"id":364,"label":365,"to":366,"external":17,"target":17,"icon":17,"children":367},307,"Atténuer les risques liés aux tiers","/attenuer-les-risques-lies-aux-tiers",[368,372,376,380,384],{"id":369,"label":370,"to":371,"external":17,"target":17,"icon":17,"display":17},8292,"Analyse automatisée des risques","/attenuer-les-risques-lies-aux-tiers/analyse-automatisee-des-risques",{"id":373,"label":374,"to":375,"external":17,"target":17,"icon":17,"display":17},8293,"Évaluation basée sur la revue de preuves","/attenuer-les-risques-lies-aux-tiers/evaluation-basee-sur-la-revue-de-preuves",{"id":377,"label":378,"to":379,"external":17,"target":17,"icon":17,"display":17},8294,"Réduction des riques","/attenuer-les-risques-lies-aux-tiers/reduction-des-risques",{"id":381,"label":382,"to":383,"external":17,"target":17,"icon":17,"display":17},8295,"Méthodologie basée sur un cadre de références","/attenuer-les-risques-lies-aux-tiers/methodologie-basee-sur-un-cadre-de-references",{"id":385,"label":386,"to":387,"external":17,"target":17,"icon":17,"display":17},8296,"Tarification","/attenuer-les-risques-lies-aux-tiers/tarification",{"id":389,"label":390,"to":391,"external":17,"target":17,"icon":17,"children":392},308,"Se faire évaluer","/se-faire-evaluer",[393,397,401,405],{"id":394,"label":395,"to":396,"external":17,"target":17,"icon":17,"display":17},8297,"Comment ça 
marche","/se-faire-evaluer/comment-ca-marche",{"id":398,"label":399,"to":400,"external":17,"target":17,"icon":17,"display":17},8298,"Évaluation standardisée","/se-faire-evaluer/evaluation-adaptee-et-standardisee",{"id":402,"label":403,"to":404,"external":17,"target":17,"icon":17,"display":17},8299,"Les médailles CyberVadis","/se-faire-evaluer/medailles",{"id":406,"label":407,"to":95,"external":96,"target":97,"icon":17,"display":17},8300,"Help Center (EN)",{"id":409,"label":410,"to":411,"external":17,"target":17,"icon":17,"children":412},306,"Ressources","/ressources",[],{"id":414,"label":415,"to":416,"external":17,"target":17,"icon":17,"children":417},309,"À propos","/a-propos",[418,422,425,427,431],{"id":419,"label":420,"to":421,"external":17,"target":17,"icon":17,"display":17},8301,"Pourquoi choisir CyberVadis","/pourquoi-choisir-cybervadis",{"id":423,"label":114,"to":424,"external":17,"target":17,"icon":17,"display":17},8302,"/a-propos/trust-center",{"id":426,"label":118,"to":119,"external":96,"target":97,"icon":17,"display":17},8303,{"id":428,"label":429,"to":430,"external":17,"target":17,"icon":17,"display":17},8304,"Actualités","/actualites",{"id":432,"label":299,"to":433,"external":17,"target":17,"icon":17,"display":17},8305,"/a-propos/contact",{"id":189,"info":17,"login":435,"button":439},{"id":436,"label":437,"to":438,"external":133,"target":17,"icon":17,"display":17},8306,"Réserver une démonstration","/demander-une-demo",{"id":440,"icon":17,"label":437,"form":136,"display":133},1227,{"id":189,"newsletterTitle":442,"copyright":443,"legalLinks":444,"socialLinks":453},"S'inscrire à la newsletter","Copyright © 2025. Tous droits réservés. 
",[445,449],{"id":446,"label":447,"to":448,"external":17,"target":17,"icon":17,"display":17},8307,"Mentions légales (EN)","/fr/legal",{"id":450,"label":451,"to":452,"external":17,"target":17,"icon":17,"display":17},8308,"Confidentialité des données","/fr/legal-notice",[454,456],{"id":455,"label":152,"to":153,"external":96,"target":97,"icon":154,"display":17},8309,{"id":457,"label":157,"to":158,"external":96,"target":97,"icon":159,"display":17},8310,{"id":161,"documentId":162,"name":163,"alternativeText":17,"caption":17,"width":164,"height":165,"formats":459,"hash":175,"ext":34,"mime":35,"size":176,"url":177,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":178,"updatedAt":179,"publishedAt":180},{"thumbnail":460},{"ext":34,"url":168,"hash":169,"mime":35,"name":170,"path":17,"size":171,"width":172,"height":173,"sizeInBytes":174},[462,463],{"id":5,"documentId":6,"titleSeparator":7,"title":8,"createdAt":9,"updatedAt":10,"publishedAt":11,"locale":12},{"id":183,"documentId":6,"titleSeparator":7,"title":8,"createdAt":184,"updatedAt":185,"publishedAt":186,"locale":187},[465,470,475,480,485],{"id":466,"documentId":467,"title":468,"slug":469},188,"o62i62wg25883odzqg4zrjm2","DORA et résilience numérique : le guide complet pour le secteur financier","dora-et-resilience-numerique-guide-complet-secteur-financier",{"id":471,"documentId":472,"title":473,"slug":474},186,"lsx1cxhuk49uctdtxlbkhh32","Conformité cyber tiers : quelles obligations avec la directive NIS2 ?","conformite-cyber-tiers-obligations-nis2",{"id":476,"documentId":477,"title":478,"slug":479},182,"pr6srbwx094xnnxkjdhux2ge","NIS2 et tiers critiques : obligations cyber 2026","nis2-et-tiers-critique",{"id":481,"documentId":482,"title":483,"slug":484},180,"nuoz9mm0n19qkkur5udoeery","Replay webinaire Panorama CyberVadis CESIN: Quelle maturité par rapport aux attendus NIS 2","replay-webinaire-panorama-cybervadis-cesin",{"id":486,"documentId":487,"title":488,"slug":489},176,"ec2tyjm5615mnv64a17mrh67","DORA 
et la gestion des risques cyber liés aux tiers : une approche structurée pour les entreprises","article-dora-et-la-gestion-des-risques-cyber-lies-aux-tiers",{"id":491,"documentId":492,"language":192,"title":493,"slug":494,"newsletter":96,"createdAt":495,"updatedAt":495,"publishedAt":496,"locale":192,"date":497,"description":498,"seo":499,"blockTableOfContents":17,"blocks":504,"localizations":813,"relatedArticles":817},184,"u8tmlc0e28hnmvuq9ic0uom2","Réglementation DORA : obligations, 5 piliers et gestion des tiers ICT","article-reglementation-dora","2026-06-22T20:19:06.570Z","2026-06-22T20:19:06.870Z","2026-06-08","La réglementation DORA impose aux entités financières de l'UE des obligations strictes sur la gestion des risques ICT et de leurs fournisseurs technologiques. Découvrez les 5 piliers, vos obligations et comment CyberVadis vous accompagne dans votre conformité.",{"id":500,"metaDescription":501,"metaImage":17,"metaTags":502,"scripts":503},1684,"DORA est en vigueur depuis janvier 2025. Découvrez les 5 piliers, vos obligations et l'impact sur vos prestataires ICT. 
Guide complet CyberVadis.",[],[],[505,619,693,742,768],{"__component":506,"id":507,"anchor":17,"badge":17,"title":17,"description":508,"features":618,"link":17},"block.text",1722,[509,515,524,530,536,542,548,552,556,560,564,568,572,576,615],{"type":510,"level":511,"children":512},"heading",2,[513],{"text":514,"type":308},"Points clés",{"type":516,"format":517,"children":518},"list","unordered",[519],{"type":520,"children":521},"list-item",[522],{"text":523,"type":308},"DORA (Digital Operational Resilience Act) est en vigueur depuis le 17 janvier 2025 pour toutes les entités financières de l'UE",{"type":516,"format":517,"children":525},[526],{"type":520,"children":527},[528],{"text":529,"type":308},"La réglementation repose sur 5 piliers, dont la gestion des risques ICT tiers; l'obligation la plus complexe à mettre en œuvre",{"type":516,"format":517,"children":531},[532],{"type":520,"children":533},[534],{"text":535,"type":308},"Les entités concernées doivent tenir un registre de tous leurs prestataires ICT et évaluer leur cybersécurité",{"type":516,"format":517,"children":537},[538],{"type":520,"children":539},[540],{"text":541,"type":308},"La différence fondamentale avec le RGPD : DORA porte sur la résilience opérationnelle, pas sur les données personnelles",{"type":516,"format":517,"children":543},[544],{"type":520,"children":545},[546],{"text":547,"type":308},"CyberVadis propose une évaluation basée sur les preuves qui répond directement aux exigences du Chapitre V de DORA",{"type":304,"children":549},[550],{"text":551,"type":308},"La réglementation DORA (Digital Operational Resilience Act) est un texte réglementaire européen qui impose aux entités financières de démontrer leur capacité à résister, répondre et se remettre de tout incident lié aux technologies de l'information et de la communication (ICT). 
En vigueur depuis le 17 janvier 2025, DORA concerne les banques, assureurs, établissements de paiement, sociétés de gestion et autres acteurs du secteur financier opérant dans l'Union européenne. Son originalité : elle place la gestion des prestataires ICT tiers au cœur des obligations de conformité. CyberVadis aide les équipes sécurité et conformité à répondre aux exigences du Chapitre V de DORA grâce à des évaluations de fournisseurs validées par des analystes experts.",{"type":510,"level":511,"children":553},[554],{"text":555,"type":308},"Qu'est-ce que la réglementation DORA ?",{"type":304,"children":557},[558],{"text":559,"type":308},"DORA, acronyme de Digital Operational Resilience Act, est une réglementation européenne adoptée en décembre 2022 et applicable depuis le 17 janvier 2025. Elle s'applique directement dans les 27 États membres sans nécessiter de transposition nationale; une spécificité importante par rapport à des directives comme NIS2.",{"type":304,"children":561},[562],{"text":563,"type":308},"Son objectif est de garantir que les entités financières peuvent maintenir leurs activités critiques même en cas d'incidents ICT graves : cyberattaques, pannes de systèmes, défaillances de prestataires technologiques. 
Selon le considérant 3 de la réglementation, \"le secteur financier de l'UE dépend de plus en plus de technologies numériques et d'entreprises tierces pour la fourniture de services ICT critiques\".",{"type":304,"children":565},[566],{"text":567,"type":308},"Ce texte est la première réglementation européenne à traiter de façon aussi exhaustive la résilience numérique opérationnelle du secteur financier, en couvrant à la fois la gestion des risques internes et celle des risques liés aux tiers ICT.",{"type":510,"level":511,"children":569},[570],{"text":571,"type":308},"Qui est concerné par DORA ?",{"type":304,"children":573},[574],{"text":575,"type":308},"Les entités soumises à DORA couvrent un large spectre du secteur financier :",{"type":516,"format":577,"children":578},"ordered",[579,583,587,591,595,599,603,607,611],{"type":520,"children":580},[581],{"text":582,"type":308},"Établissements de crédit (banques)",{"type":520,"children":584},[585],{"text":586,"type":308},"Établissements de paiement et de monnaie électronique",{"type":520,"children":588},[589],{"text":590,"type":308},"Entreprises d'investissement",{"type":520,"children":592},[593],{"text":594,"type":308},"Sociétés de gestion d'OPCVM et fonds d'investissement alternatifs",{"type":520,"children":596},[597],{"text":598,"type":308},"Compagnies d'assurance et de réassurance",{"type":520,"children":600},[601],{"text":602,"type":308},"Contreparties centrales et dépositaires centraux de titres",{"type":520,"children":604},[605],{"text":606,"type":308},"Prestataires de services sur crypto-actifs (PSCA)",{"type":520,"children":608},[609],{"text":610,"type":308},"Agences de notation de crédit",{"type":520,"children":612},[613],{"text":614,"type":308},"Prestataires de services de financement 
participatif",{"type":304,"children":616},[617],{"text":316,"type":308},[],{"__component":506,"id":620,"anchor":17,"badge":17,"title":17,"description":621,"features":692,"link":17},1723,[622,626,630,634,638,642,646,654,688],{"type":510,"level":511,"children":623},[624],{"text":625,"type":308},"Quelles sont les obligations des entités financières ?",{"type":304,"children":627},[628],{"text":629,"type":308},"Au-delà des 5 piliers, DORA génère des obligations opérationnelles concrètes que les équipes conformité et sécurité doivent mettre en œuvre.",{"type":304,"children":631},[632],{"text":633,"type":308},"Sur la gouvernance, l'organe de direction est directement responsable de la stratégie de résilience numérique. Les dirigeants peuvent être tenus personnellement responsables en cas de manquement, une disposition qui a considérablement accru l'attention portée à DORA au plus haut niveau.",{"type":304,"children":635},[636],{"text":637,"type":308},"Sur les systèmes, les entités doivent cartographier l'ensemble de leur patrimoine ICT, identifier les actifs critiques et maintenir une documentation à jour. Selon une estimation de la Commission européenne, une banque de taille moyenne s'appuie en moyenne sur plus de 5 000 prestataires ICT : le champ des obligations est donc considérable.",{"type":304,"children":639},[640],{"text":641,"type":308},"Sur les incidents, le calendrier de notification est non négociable : toute entité qui rate les délais s'expose à des sanctions de la part de son autorité nationale compétente (ACPR en France, BaFin en Allemagne par exemple).",{"type":510,"level":511,"children":643},[644],{"text":645,"type":308},"DORA et la gestion des tiers ICT : l'obligation centrale",{"type":304,"children":647},[648,650,652],{"text":649,"type":308},"Le ",{"bold":96,"text":651,"type":308},"Chapitre V",{"text":653,"type":308}," de DORA est celui qui génère le plus de travail opérationnel pour les équipes sécurité et achats. 
Il impose quatre grandes obligations :",{"type":516,"format":577,"children":655},[656,662,672,678],{"type":520,"children":657},[658,660],{"bold":96,"text":659,"type":308},"Le registre des prestataires ICT",{"text":661,"type":308}," : chaque entité doit tenir un registre complet et actualisé de tous ses prestataires ICT avec, pour chacun, une classification selon sa criticité pour les fonctions essentielles de l'entité. Ce registre doit être transmis aux autorités de supervision sur demande.",{"type":520,"children":663},[664,666,668,670],{"bold":96,"text":665,"type":308},"L'évaluation préalable et continue",{"text":667,"type":308}," : avant de contractualiser avec un nouveau prestataire ICT, l'entité doit évaluer ses risques de cybersécurité. Cette évaluation doit ensuite être maintenue de façon continue; pas seulement au moment du contrat. Selon le rapport IBM Cost of a Data Breach 2024, ",{"bold":96,"text":669,"type":308},"le coût moyen d'une violation de données impliquant un tiers atteint 4,88 millions de dollars",{"text":671,"type":308},", ce qui justifie pleinement l'obligation d'évaluation continue imposée par DORA.",{"type":520,"children":673},[674,676],{"bold":96,"text":675,"type":308},"Les obligations contractuelles",{"text":677,"type":308}," : DORA définit une liste de clauses obligatoires dans les contrats avec les prestataires ICT : droit d'audit, niveaux de service (SLA), plans de sortie, obligations de notification en cas d'incident. Les contrats existants doivent être mis en conformité.",{"type":520,"children":679},[680,682,684,686],{"bold":96,"text":681,"type":308},"Les prestataires ICT critiques (CTPP)",{"text":683,"type":308}," : pour les prestataires jugés critiques au niveau européen (désignés par les autorités de supervision), DORA prévoit un cadre de surveillance spécifique. 
D'après l'ENISA, les incidents impliquant des prestataires ICT critiques ont augmenté de ",{"bold":96,"text":685,"type":308},"42% entre 2022 et 2024",{"text":687,"type":308}," dans le secteur financier européen.",{"type":304,"children":689},[690],{"text":691,"type":308},"C'est précisément sur ce Chapitre V que CyberVadis intervient. Notre plateforme permet d'évaluer la posture de cybersécurité de chaque prestataire ICT avec des preuves vérifiées par nos analystes, et non un simple score automatisé, pour satisfaire les exigences documentaires attendues par les superviseurs.",[],{"__component":694,"id":695,"anchor":17,"size":696,"smallPadding":17,"badge":17,"title":17,"description":697,"fit":719,"align":720,"backgroundColor":721,"features":722,"link":17,"image":723},"block.text-image-with-editor",147,"md",[698,702,708,711],{"type":510,"level":511,"children":699},[700],{"text":701,"type":308},"Quelle est la différence entre DORA et le RGPD ?",{"type":304,"children":703},[704,706],{"text":705,"type":308},"C'est la question la plus fréquemment posée par les équipes juridiques et conformité. La réponse est simple : ",{"bold":96,"text":707,"type":308},"DORA et le RGPD ont des objectifs et des périmètres fondamentalement différents.",{"type":304,"children":709},[710],{"text":316,"type":308},{"type":304,"children":712},[713,715,717],{"text":714,"type":308},"Les deux réglementations sont ",{"bold":96,"text":716,"type":308},"complémentaires et non alternatives",{"text":718,"type":308}," : une banque doit être conforme à DORA ET au RGPD. 
Un prestataire ICT peut être concerné par les deux : DORA pour ses pratiques de cybersécurité, RGPD s'il traite des données personnelles pour le compte de l'entité financière.","object-cover","left","white",[],{"id":724,"documentId":725,"name":726,"alternativeText":17,"caption":17,"width":727,"height":728,"formats":729,"hash":737,"ext":34,"mime":35,"size":738,"url":739,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":740,"updatedAt":741,"publishedAt":740},267,"chlrwm77juzrecqw9s61uwfb","texteimage small logo dora.png",660,620,{"thumbnail":730},{"ext":34,"url":731,"hash":732,"mime":35,"name":733,"path":17,"size":734,"width":735,"height":173,"sizeInBytes":736},"https://assets.cybervadis.com/strapi/assets/thumbnail_texteimage_small_logo_dora_6d099927e5.png","thumbnail_texteimage_small_logo_dora_6d099927e5","thumbnail_texteimage small logo dora.png",15.18,166,15181,"texteimage_small_logo_dora_6d099927e5",15.08,"https://assets.cybervadis.com/strapi/assets/texteimage_small_logo_dora_6d099927e5.png","2025-03-25T14:34:16.428Z","2025-03-26T12:58:32.378Z",{"__component":743,"id":744,"size":696,"title":745,"description":746,"backgroundColor":747,"heading":748,"contactForm":17,"contactFormTitle":17,"form":17,"link":17,"button":17,"image":749},"block.cta",1069,"Vous voulez en savoir plus ?","Découvrez comment CyberVadis vous aide à satisfaire les exigences de DORA. 
","light-blue","h1",{"id":750,"documentId":751,"name":752,"alternativeText":17,"caption":17,"width":753,"height":754,"formats":755,"hash":763,"ext":34,"mime":35,"size":764,"url":765,"previewUrl":17,"provider":25,"provider_metadata":17,"createdAt":766,"updatedAt":766,"publishedAt":767},199,"ac5lv1u1fef15tbdb1aum67d","E2x4.png",3144,2060,{"thumbnail":756},{"ext":34,"url":757,"hash":758,"mime":35,"name":759,"path":17,"size":760,"width":761,"height":173,"sizeInBytes":762},"https://assets.cybervadis.com/strapi/assets/thumbnail_E2x4_71e27881d8.png","thumbnail_E2x4_71e27881d8","thumbnail_E2x4.png",83.57,238,83572,"E2x4_71e27881d8",1858.23,"https://assets.cybervadis.com/strapi/assets/E2x4_71e27881d8.png","2025-02-25T16:11:17.077Z","2025-02-25T16:11:17.078Z",{"__component":769,"id":770,"headline":17,"title":771,"description":17,"backgroundColor":721,"items":772},"block.faq",507,"Questions fréquentes",[773,781,789,797,805],{"id":774,"label":775,"content":776},1794,"Q : Quel est l'objectif principal de la réglementation DORA ?",[777],{"type":304,"children":778},[779],{"text":780,"type":308},"R : DORA vise à renforcer la résilience opérationnelle numérique du secteur financier européen. Il impose aux banques, assureurs et autres entités financières de démontrer qu'elles peuvent maintenir leurs activités critiques face à des incidents ICT graves, qu'ils soient d'origine interne ou liés à un prestataire technologique. DORA est en vigueur depuis le 17 janvier 2025.",{"id":782,"label":783,"content":784},1795,"Q : Quelles entreprises sont exonérées d'appliquer DORA ?",[785],{"type":304,"children":786},[787],{"text":788,"type":308},"R : Les micro-entreprises (moins de 10 salariés et chiffre d'affaires annuel inférieur à 2 millions d'euros) bénéficient d'un régime allégé. Certaines entités comme les gestionnaires de fonds alternatifs sous seuil ou les petits établissements de paiement peuvent également bénéficier de dérogations partielles. 
Les entités hors secteur financier ne sont pas concernées par DORA.",{"id":790,"label":791,"content":792},1796,"Q : Quelle est la date d'application de DORA ? ",[793],{"type":304,"children":794},[795],{"text":796,"type":308},"R : DORA est applicable depuis le 17 janvier 2025 dans l'ensemble des États membres de l'UE. Les entités concernées devaient être en conformité à cette date. Les autorités nationales de supervision ont commencé leurs premiers contrôles de conformité courant 2025.",{"id":798,"label":799,"content":800},1797,"Q : DORA s'applique-t-il aux prestataires ICT eux-mêmes ?",[801],{"type":304,"children":802},[803],{"text":804,"type":308},"R : Oui, indirectement. Les prestataires ICT qui fournissent des services à des entités financières sont soumis aux clauses contractuelles imposées par DORA (Article 30) : droit d'audit, obligations de notification d'incident, SLA. Les prestataires ICT désignés \"critiques\" au niveau européen font l'objet d'un cadre de surveillance direct par les autorités de supervision.",{"id":806,"label":807,"content":808},1798,"Q : Quelle est la différence entre DORA et NIS2 pour un établissement financier ?",[809],{"type":304,"children":810},[811],{"text":812,"type":308},"R : Un établissement financier peut être concerné par les deux textes. DORA est lex specialis : en cas de conflit, DORA prévaut sur NIS2 pour les entités financières. En pratique, une conformité DORA bien construite couvre et dépasse les exigences NIS2 pour le secteur financier.",[814],{"id":815,"documentId":492,"slug":816,"locale":187},163,"article-dora-regulation",[],1782395078356]