DORA: guaranteeing an effective Exit Strategy

Interview with Luc Halbardier Senior Development Specialist Cloud, DEEP and Sebastien Genco, Partner, Deloitte Luxembourg

To help cloud-based financial services providers comply with DORA and support their operational resilience, Deloitte and DEEP are implementing an innovative ‘Exit Strategy’ solution.

From 17 January, financial institutions will have to comply with new requirements designed to ensure their operational resilience. In particular, the new DORA regulation, adopted by the European Union, requires players wishing to rely on cloud solutions to have an exit strategy.

‘When an organisation wants to implement cloud solutions, it needs to ensure that it can get out of them if necessary. The challenge is to ensure that it does not become dependent on a third-party operator and that it can repatriate its data and applications for deployment elsewhere,’ comments Sébastien Genco, Partner at Deloitte Luxembourg.

Deloitte and DEEP have set up an original collaboration to enable Luxembourg players to respond effectively to these requirements. ‘By drawing on Deloitte's business expertise and our group's technological capabilities, we have succeeded in developing an approach that ensures that players can meet the expectations of the new regulations and have a genuine Exit as a service solution at their disposal, guaranteeing that they can effectively define and execute, where necessary, their exit strategy’, comments Luc Halbardier, Senior Development Specialist Cloud at DEEP.

The solution provides for the company's digital assets to be repatriated to DEEP's cloud platform according to a pre-defined plan, should the need arise. To achieve this, the Deloitte and DEEP teams work with the company to define its exit strategy. ‘Starting with an analysis of the customer's IT environment, the aim is to take a series of appropriate measures to guarantee a controlled exit, taking care to avoid any service interruptions and seeking to optimise budgets’, continues Sébastien Genco.

As well as putting the plan in place, it will be executed in the form of a test to ensure that it works properly. ‘Depending on the organisation's wishes, it is possible to maintain a connection between the customer and the hosting environment prepared at DEEP's infrastructure, with a view to carrying out regular tests. If the customer so wishes, this established environment can also be integrated as part of the continuity plan (BCP/DRP), with continuous synchronisation of data’, adds Luc Halbardier.