Understanding DORA Compliance with Versa
What is DORA (Digital Operational Resilience Act)?
The Digital Operational Resilience Act (DORA) is a European Union regulation for financial organizations and information and communications technology (ICT) providers. Its goal is to ensure greater stability in the financial industry by strengthening the operational resilience of EU financial entities against ICT-related disruptions and cyber attacks.
DORA compliance is mandatory as of January 17, 2025 and applies to a wide range of entities operating in the EU financial sector. These entities include banks, insurance companies, investment firms, and other financial market participants. DORA also applies to ICT third-party service providers that deliver critical technology or operational services to these entities, such as major cloud infrastructure providers and data centers. In essence, any organization whose operations or services are essential to the continuity, security, or resilience of EU financial institutions can fall within DORA’s scope.
The Five Pillars of DORA and Oversight
DORA establishes a comprehensive framework structured around five pillars:
ICT Risk Management
Financial entities must establish a comprehensive ICT risk management framework. The framework must include clear strategies for prevention, detection, incident response, recovery, and business continuity planning. As part of this framework, organizations must also detail key dependencies on ICT third-party service providers.
ICT Incident Management and Reporting
Financial entities must have an ICT incident management process that includes procedures to identify, track, log, and categorize ICT-related incidents according to their severity and the services impacted. ICT-related incidents must be reported to regulators promptly using standardized templates. The goal is to improve transparency, accelerate the identification of systemic risks, and enable coordinated responses across the EU.
Digital Operational Resilience Testing
Organizations must conduct regular testing to evaluate the resilience of ICT systems, with all critical tools and applications tested annually. All firms must perform basic resilience testing, while organizations classified as critical are required to conduct advanced threat-led penetration testing (TLPT) every three years.
ICT Third-Party Risk Management
Organizations must manage risks arising from their reliance on third-party service providers such as cloud, hosting, and infrastructure services. These risks must be outlined in an ICT third-party risk strategy reviewed regularly. Provisions are designed to reduce dependency risks and ensure service continuity.
Cyber Threat Information Sharing
DORA promotes the exchange of cyber threat intelligence among financial entities to strengthen sector-wide resilience. By sharing information on emerging threats and vulnerabilities, firms can better prepare for potential risks.
Oversight of Critical Third-Party Providers
Besides the five framework pillars, DORA also introduces an oversight framework for designating “critical” ICT third-party providers such as cloud services and data hosting companies. These critical ICT providers are subject to oversight by the European Supervisory Authorities (ESAs), which can conduct inspections and audits and issue recommendations to mitigate the risks associated with those providers.
How Versa Helps Achieve DORA Compliance
Versa Networks provides integrated networking and security services through our VersaONE Universal SASE platform, which includes our SD-WAN, SSE, and SASE products. As a key technology and security provider, our solutions help customers achieve and maintain DORA compliance.
Versa can help with the pillars of ICT Risk Management (Pillar 1) and ICT Incident Management and Reporting (Pillar 2) in the areas of threat detection, prevention, and reporting:
Versa Capabilities for ICT Risk Management (Ch II, Articles 6-14)
- Zero Trust Access and Segmentation: Enforcement of consistent access policies between users, applications, and workloads, reducing the risk of unauthorized access or lateral movement.
- Resilient and Redundant Connectivity: Network continuity and availability through SD-WAN capabilities designed for failover and high performance. (Articles 6, 7, 11, 12)
- Advanced Security: Integrated threat prevention, detection, and policy enforcement through SSE product suite including Advanced Threat Protection (ATP), Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Next Generation Firewall (NGFW) for detection, protection, and prevention. (Articles 9, 10)
- Simplified Management: Single-pane-of-glass management, visibility, and reporting capable of identifying and categorizing users and devices. End-user notifications are also configurable here. (Articles 8, 13, 14)
Versa Capabilities for ICT Incident Management and Reporting (Ch III, Articles 18, 19, 24)
- Visibility and Monitoring: End-to-end observability across WAN, cloud, and edge environments to detect risks and maintain compliance with monitoring obligations. (Articles 18, 19, 24)
- Analytics and Reporting: Provides telemetry, logs, analytics, and risk events supporting regulatory reporting obligations for ICT-related incidents. (Articles 18, 19, 24)
By consolidating networking and security into a unified architecture, Versa enables organizations to strengthen their digital resilience while simplifying operations. This integrated approach helps financial entities meet DORA’s requirements for ICT governance, resilience, and oversight without adding management overhead.
Finally, while Versa is not directly subject to DORA, we maintain a strong commitment to compliance and security. Our Security and Trust Center outlines the policies, controls, and practices we have in place to safeguard our operations and customer environments. These measures ensure that our technology does not introduce unnecessary risk, supporting the resilience and trust our clients expect.
Versa Networks delivers the secure, resilient, and intelligent infrastructure needed to meet DORA requirements and to ensure that financial sector customers can withstand and recover from ICT disruption. By leveraging Versa’s integrated SASE, SD-WAN, and SSE capabilities, organizations can achieve greater operational resilience while aligning with the objectives of DORA.
Learn more about how Versa supports compliance and digital resilience with VersaONE Universal SASE.
Learn more about Versa’s security practices and compliance in our Security and Trust Center.