Speak to a rep about your business needs
See our product support options
General inquiries and locations
Contact UsDORA regulations fortify mainframe operations and ensure resilience to shield your organization from financial penalties and reputational risks.
“With new regulations like the Digital Operational Resilience Act (DORA) in Europe, resilience is now a legal mandate. The conclusion is clear: Operations teams must rise to the challenge of modern mainframe resilience.”
Jason Bloomberg, Intellyx – Founder & Principal AnalystWhy is DORA happening?
The 5 pillars of DORA are:
ICT risk management and governance
This requirement involves strategizing, assessing, and implementing controls. Accountability spans all levels, with entities expected to prepare for disruptions. Plans include data recovery, communication strategies, and measures for various cyber risk scenarios.
Incident reporting
Entities must establish systems for monitoring, managing, and reporting ICT incidents. Depending on severity, reports to regulators and affected parties may be necessary, including initial, progress, and root cause analyses.
Digital operational resilience testing
Entities must regularly test their ICT systems to assess protections and identify vulnerabilities. Results are reported to competent authorities, with basic tests annually and threat-led penetration testing (TLPT) every three years.
Third-party risk management
Financial firms must actively manage ICT third-party risk, negotiating exit strategies, audits, and performance targets. Compliance is enforced by competent authorities, with proposals for standardized contractual clauses under exploration.
Information sharing
Financial entities are urged by the DORA to develop incident learning processes, including participation in voluntary threat intelligence sharing. Shared information must comply with relevant guidelines, safeguarding personally identifiable information (PII) under the EU's General Data Protection Regulation (GDPR).
The Digital Operational Resilience Act’s core principles ensure that financial institutions understand their entire IT landscape, including their third-party service suppliers, and can identify potential vulnerabilities and risks and implement robust automated strategies to protect their systems, data, and customers from cyberthreats and other disruptions.
While the DORA regulatory focus is on ICT and third-party risk management, incident reporting, resilience testing, and information sharing, firms with mainframe systems should also consider the following:
Implement regular health checks, automated maintenance tasks, and predictive alarms based on workload patterns.
Conduct regular vulnerability assessments, security control enhancements, real-time monitoring, and penetration testing to identify and remediate vulnerabilities unique to the mainframe architecture.
Develop robust recovery plans and automated backup solutions that include detailed procedures for various failure scenarios.
Seamlessly integrate mainframe monitoring alerts into the overall enterprise service console to provide a unified view of incidents and effectively manage them across the organization.
Enforce compliance with vulnerability evaluations, compliance checks, and continuous adherence to regulatory standards to safeguard mainframe systems from potential fines and reputational risks.
DORA outlines five considerations for rapid response, recovery, and compliance that align with the aforementioned key aspects of DORA as they relate to the mainframe.
Identify
Understanding risk to systems, people, assets, data, and capabilities, including business context, policies, and vulnerabilities.
Protect
Ensure safeguards to limit or contain the impact of a potential cybersecurity event. Fortify defenses to ensure the integrity and security of critical data and systems.
Detect
Discover cybersecurity events and anomalies in real time and understand their potential impact. Identify and understand potential threats for swift mitigation.
Respond
Take action to limit the impact of cybersecurity events and anomalies. Well-defined response mechanisms and protocols in place.
Recover
Restore data, systems, and operations to normal conditions. Ensure systems can bounce back efficiently and effectively.
BMC offers a range of solutions that address the full scope of the five focus areas outlined above, as well as specific sub-focus areas within each, as follows.
Identify and control problems quickly with a single view and unite AIOps processes across the business with data sharing.
Improve productivity, increase system availability, manage alarms and events generated by monitor components, and automate mainframe event data integration for your operations management systems.
Detect problems and generate notifications before they impact the business with an AI solution that conducts multivariate analysis for all KPIs simultaneously and is continuously learning.
BMC AMI Command Center for Security and BMC AMI Datastream
Reduce risk, strengthen your security posture, and stop threats before the threaten your environment with configurations and recommendations designed by mainframe hacking experts.
BMC AMI Security Session Monitor
Deter insider threats by capturing and analyzing start-to-finish user session activity that provides deep insight into user behaviors; identify and reduce cybersecurity threats with unique methodologies.
BMC AMI Enterprise Connector for Illumio
Identify and control network traffic by automatically converting Illumio micro segmentation rules into TCP/IP mainframe rules to increase productivity and security.
BMC Mainframe Services: Penetration Testing
Get regular and ongoing professional checkups that include security evaluations via a simulated “real-world” attack from an experienced BMC pentesting team.
BMC Mainframe Services: Mainframe SWIFT Assessment Service
Reduce the risk of internal and external attacks with a review by BMC specialists who can reveal weaknesses and vulnerabilities so you can plug gaps in your defenses and secure your mainframe.
Assure your required resources are available for recovery by estimating and simulating recovery scenarios and automating, accelerating, and streamlining backup and recovery jobs.
Check the data integrity of all unstructured or line of business (LOB) objects and data and fix any correctable errors.
BMC AMI Backup and Recovery for IMS™
Estimate, simulate, and educate your team about recovery scenarios to ensure compliance and meet your recovery time objectives (RTOs) with point in time (PIT) recovery capabilities.
BMC AMI Command Center for Security
Leverage this integrated solution set to identify the time of an attack, identify the golden copy back up, and restore the database after the last clean backup to with minimal data loss. Recover anywhere even if the primary site was compromised.
Use object storage data protection capabilities like immutable copies and back up a third, or “golden” copy to, and recover directly from, the cloud with no dependency on a compromised system.
BMC Helix Continuous Optimization for Mainframes and BMC AMI Capacity Management
Proactively diagnose and prevent capacity-driven performance problems, validate system investments, right-size your environment, and reduce costs with accurate, comprehensive performance monitoring.
BMC AMI Database Integrity for IMS™
Protect the integrity of your IMS data by addressing the most common cause of IMS database problems, cross-referencing control block libraries, and auditing database definition (DBD) libraries.
BMC AMI Message Advisor for IMS™
Automatically monitor and manage IMS message queues to reduce restart times, prevent IMS outages, and improve IMS availability.
BMC AMI Command Center Security
Prevent and mitigate cyberattacks with AI-enabled, real-time behavioral analytics that identify known indicators of compromise (IOCs) and automated responses. Pinpoint the source and time of attacks, enabling identification of the golden copy from which to recover.
Automate event integration and send mainframe event data to BMC Helix Operations Management or other enterprise-wide operations management systems.
BMC AMI Security Policy Manager
Harden the mainframe from attacks and quickly uncover and address security gaps before a compromise or exploit can occur with automatic configuration scanning, recommendations, and reporting.
BMC AMI Command Center Security
Recognize suspicious user behavior and identify possible cyberattacks and ransomware threats in real time with AI-enabled tools.
Simplify the complex task of preparing data for testing without writing programs or scripts and without leaving the streamlined interface. Ensure data integrity based on referential integrity or application relationships, and mask sensitive test data.
BMC AMI Enterprise Connector for Venafi
Improve quality and reduce time and manual certificate management with an automated approach that can implement and deploy hundreds to thousands of certificates every month.
We know you have a lot to juggle, so we’ll get back to you as soon as possible. The more you can tell us about your unique business needs, the faster we can guide you to the right solution.
Whether you’re in the early stages of product research, evaluating competitive solutions, or just trying to scope your needs to begin a project, we’re ready to help you get the information you need.
BMC has helped many of the world’s largest businesses automate and optimize their IT environments. Let’s put that experience to work for your organization.