Tricentis and Nordea spotlight how automated testing can accelerate DORA compliance

Michael Kissel

Testing for digital resilience can be good for business

Automated testing can be critical to the ability of banks to meet the compliance requirements of the EU’s new Digital Operational Resilience Act (DORA), according to Roberto Vigo, head of QA at Nordea, the Nordic universal bank. In a QA Financial webinar you can join on May 21st, Vigo will describe Nordea’s route to continuous testing at a time when the EU’s landmark new requirements are shaping standards in digital resilience.

Vigo will describe how preparation for DORA has been coupled with the adoption of new DevOps technologies and accelerated the “shift left” in software development and testing at Nordea. He will be joined in the webinar by Michael Kissel, principal solution architect at Tricentis, the leading enterprise test automation specialist, which is partnering with QA Financial to produce the webinar.

With DORA now officially in force since January 17 this year, a new era of regulatory scrutiny has begun for financial institutions. DORA mandates a sweeping, risk-based approach to information and communication technology management, one that few firms are fully prepared to meet.

The webinar will focus on how automated performance and penetration testing can become a cornerstone of a financial firm’s risk-based strategy for compliance—not just with DORA, but with the evolving global matrix of standards for IT risk management.

Drilling down into the details, Roberto will be paying special attention to DORA compliance reporting requirements for performance testing and cyber-risk management, and how test reporting can be automatically embedded into the CI/CD pipeline.

“DORA compliance has also become a marketing opportunity,” Vigo told QA Financial. “We can brand ourselves as embracing the regulation and doing what it requires us to do.”

In the upcoming webinar, Vigo will explain how preparing for DORA has led Nordea to embrace a broader view of non-functional testing, incorporating more benchmarks for enterprise resilience. Testing tools that were used solely by the quality assurance team are now shared across DevOps teams at Nordea, and DORA has added new meaning to the drive to “shift left”.

“The most challenging aspect of compliance is the uplift and the education of the wider community within the firm,” Vigo said. “In a way, DORA has simply codified a lot of things we already knew. What is important that is new is the need to integrate the rules within the other IT capabilities and the business functions of the bank. And one thing that has become more clear under DORA is that we need testing tools that can be used beyond the testing community and that can be adopted by developers.”

There is no doubt that DORA sets a far higher bar for digital resilience. Beyond documenting and demonstrating IT risk policies, firms must demonstrate real-world ability to withstand disruptions, including the processes for reporting severe incidents, conducting regular IT stress tests, and continuously monitoring third-party ICT providers, including those offering DevOps and cloud services.


“Under DORA we need testing tools that can be used beyond the testing community.”

– Roberto Vigo

Firms must increasingly prioritise testing resources on the applications and networks that are most critical. This is where automated testing can play a critical role in risk-based testing, by helping to constantly evaluate changes to critical software, identify vulnerabilities, and feed that information directly into incident management systems.

Risk-based testing is in the DNA of Tricentis, as Michael Kissel, principal solution architect at the company, will explain in the webinar. While DORA does not necessarily require new testing tools, it does require a new perspective on risk and an understanding of how minor changes to software – or a single new app release – can lead to unforeseen and wider impacts on performance.

For financial institutions still scrambling to meet DORA standards, Tricentis has set out a practical framework for risk-based testing, with a focus on performance testing, which Kissel will share during the webinar.

“Continuous performance testing is a match to the requirements of DORA,” Kissel said. “Even a minor change to an application can have an impact on performance, so it makes sense to continuously do the performance testing as part of the build pipeline.”

Register for our webinar to learn more

Our webinar on May 21st will provide you with a deep dive with Nordea and Tricentis into how automated testing can help your firm meet the DORA challenge. Whether you are well down the path to compliance or catching up, this session will provide practical tools and insights for your software risk management. We’ll also be leaving time in the webinar to discuss your technical questions and hear about your experience.
