Insights AWS news

DORA Compliance with AWS: 7 action points to consider

4 June, 2025

Bexprt are delighted to be one of the nine global launch partners for the new AWS D-CAT (DORA Compliance Recommendation Tool).
Here we share a 7-step action plan for consideration when working on DORA compliance with AWS.

Need some background about D-CAT first? Read more about the D-CAT, the AWS DORA Compliance Recommendation Tool, here.

1. Understand & apply the AWS Shared Responsibility Model

AWS manages the security of the cloud (infrastructure, hardware, software), while customers manage the security in the cloud (data protection, configuration, access control). For Financial Service Institutions (FSIs) (aka Financial Entities (FEs)), alignment of their operations with this model will assist in meeting DORA requirements.

2. Strengthen ICT risk management & operational resilience

Leverage AWS tools like AWS Well-Architected Framework (especially the Financial Services Lens), AWS Resilience Hub, Audit Manager, and Security Hub. FSIs should build resilient architectures and conduct regular assessments to identify and mitigate ICT risks.

3. Establish comprehensive governance and business continuity plans

Use the AWS Cloud Adoption Framework and AWS Prescriptive Guidance to define roles, responsibilities, and effective control frameworks. Utilize services like AWS Backup, AWS Elastic Disaster Recovery, and AWS Fault Injection Simulator for robust business continuity and ICT response strategies.

4. Utilize AWS compliance resources for audit & regulatory alignment

The new DORA Compliance Recommendation Tool (D-CAT) is an informational solution designed by AWS to help European Union financial entities evaluate their positioning relative to DORA requirements. This structured assessment framework provides recommendations across DORA’s five key areas: ICT Risk Management, ICT Incident Management, Resilience Testing, ICT Third Party Risk Management, and Information Sharing. Through a systematic approach, D-CAT enables organizations to receive recommendations related to their DORA posture, delivering insights based on AWS services and best practices.

D-CAT supports financial service institutions by providing directional guidance to help navigate complex DORA requirements through a structured assessment process. The tool delivers informational value through gap analysis and recommendation options based on AWS best practices, helping organizations develop informed strategies for their compliance journey.

Other AWS compliance and audit tools include AWS Artifact for third-party attestations, AWS Audit Manager for automated evidence collection, and AWS Cloud Audit Academy for training to demonstrate compliance with DORA’s internal audit and oversight requirements.

5. Secure your cloud environments proactively

Implement AWS-native security tools: IAM, GuardDuty, Inspector, Shield, CloudTrail, KMS, and follow AWS’s Security Reference Architecture and Incident Response Guide. Use the Security Pillar of the Well-Architected Framework to review cloud deployments.

6. Plan for region-specific data residency & cross-border outsourcing

AWS enables FSIs to choose data residency by selecting specific AWS Regions (e.g., Spain, Frankfurt). Data will not leave the Region unless explicitly configured. This helps comply with DORA’s rules on cross-border data flow and jurisdictional compliance.

7. Prepare for continuous improvement & engagement

Follow AWS guidance in Game Days (resilience testing), Disaster Recovery simulations, and AWS Enterprise Support (for 15-min critical issue response and strategic reviews). Engage with AWS Solution Architects and AWS Partners like Bexprt specializing in DR to stay aligned with evolving DORA requirements and AWS service updates.

Closing thoughts

Want to know more about how to apply AWS best practice, and leverage the benefits of the new AWS D-CAT?

Or, have wider questions about your organisation’s approach to Resilience and Disaster Recovery?

  • Bexprt specialises in Resilience, and was one of the first AWS Partners to achieve the third party audited “AWS Resilience Competency” in 2024.
  • Bexprt was the first AWS partner globally to complete a commercial assessment using the new AWS D-CAT capability, and on 4th June 2025 became one of just nine D-CAT global launch partners.
  • Get in touch! hello@bexprt.com

Discover more

With thanks to Cristian Critelli and Kiran Killedar at AWS for their partnership and commitment to bringing D-CAT to market.

Bexprt ◦ Your cloud business partner. hello@bexprt.com

Related Content

AWS news

Want to discover more about AWS Outposts?

Updated 9th April 2024. What is “AWS Outposts”? AWS Outposts is a family of fully managed solutions that extends AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises or edge location for a truly consistent hybrid experience. Outposts is ideal for workloads that require low latency access to on-premises systems, local data processing, […]

MORE DETAILS
AWS news

eCommerce: optimizing for growth, minimising for risk

Big numbers, big opportunities According to their comprehensive report “The future of e-commerce in the Middle East and North Africa: examining the key drivers of growth”, Medialinks predicts that the Middle East eCommerce market is estimated to grow with a compound annual growth rate of 15 per cent in 2023 as compared to 2021. Meanwhile, Frost […]

MORE DETAILS
AWS news

Bexprt graduates from AWS Partner Acceleration Program

The Bexprt Team worked together with the AWS PAT team to accelerate their AWS Partner journey and increase their AWS UK presence. “The program was completed over 4 months, and during that time Bexprt achieved AWS Advanced Partner Status, participated in the AWS Landing Zone Program and increased our connections within the UK AWS Leadership […]

MORE DETAILS