Question ID: DORA019 - 2959
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: Other DORA topics
Article: 3(22)
Status: Final
Date of submission: 18 Jan 2024
Question
I analyzed DORA and I have a couple of questions:
1. Can you share a definition of what DORA understand by "function"?
2. May you share several examples of functions that must be mapped with assets ITC, vendors and ITC services?
Background of the question
To understand the meaning of the main concepts of DORA
EIOPA answer
In line with recital 10 of ITS 2024/2956 refers to "Each financial entity, […], have their own internal taxonomy of functions depending on their specific business models and internal organisations.” DORA does not define ‘function’ to enable flexibility for the financial entities (FEs) to identify their functions in accordance with their operational and organisational framework.
Without prejudice to recital (70) and Article 3(22) of Regulation (EU) 2022/2554, functions correspond to activities, services, processes or operations (or clusters of them). Functions may include:
- those directly tied to the FE’s core business activities; and
- those to be categorized as ‘support functions’ which enable the core activities to operate effectively.
Among all of the FE’s functions, the FE must designate those deemed critical or important functions as defined in Article 3(22) of Regulation (EU) 2022/2554.