Insights AWS news

DORA Compliance with AWS: 7 action points to consider

4 June, 2025

Bexprt are delighted to be one of the nine global launch partners for the new AWS D-CAT (DORA Compliance Recommendation Tool).
Here we share a 7-step action plan for consideration when working on DORA compliance with AWS.

Need some background about D-CAT first? Read more about the D-CAT, the AWS DORA Compliance Recommendation Tool, here.

1. Understand & apply the AWS Shared Responsibility Model

AWS manages the security of the cloud (infrastructure, hardware, software), while customers manage the security in the cloud (data protection, configuration, access control). For Financial Service Institutions (FSIs) (aka Financial Entities (FEs)), alignment of their operations with this model will assist in meeting DORA requirements.

2. Strengthen ICT risk management & operational resilience

Leverage AWS tools like AWS Well-Architected Framework (especially the Financial Services Lens), AWS Resilience Hub, Audit Manager, and Security Hub. FSIs should build resilient architectures and conduct regular assessments to identify and mitigate ICT risks.

3. Establish comprehensive governance and business continuity plans

Use the AWS Cloud Adoption Framework and AWS Prescriptive Guidance to define roles, responsibilities, and effective control frameworks. Utilize services like AWS Backup, AWS Elastic Disaster Recovery, and AWS Fault Injection Simulator for robust business continuity and ICT response strategies.

4. Utilize AWS compliance resources for audit & regulatory alignment

The new DORA Compliance Recommendation Tool (D-CAT) is an informational solution designed by AWS to help European Union financial entities evaluate their positioning relative to DORA requirements. This structured assessment framework provides recommendations across DORA’s five key areas: ICT Risk Management, ICT Incident Management, Resilience Testing, ICT Third Party Risk Management, and Information Sharing. Through a systematic approach, D-CAT enables organizations to receive recommendations related to their DORA posture, delivering insights based on AWS services and best practices.

D-CAT supports financial service institutions by providing directional guidance to help navigate complex DORA requirements through a structured assessment process. The tool delivers informational value through gap analysis and recommendation options based on AWS best practices, helping organizations develop informed strategies for their compliance journey.

Other AWS compliance and audit tools include AWS Artifact for third-party attestations, AWS Audit Manager for automated evidence collection, and AWS Cloud Audit Academy for training to demonstrate compliance with DORA’s internal audit and oversight requirements.

5. Secure your cloud environments proactively

Implement AWS-native security tools: IAM, GuardDuty, Inspector, Shield, CloudTrail, KMS, and follow AWS’s Security Reference Architecture and Incident Response Guide. Use the Security Pillar of the Well-Architected Framework to review cloud deployments.

6. Plan for region-specific data residency & cross-border outsourcing

AWS enables FSIs to choose data residency by selecting specific AWS Regions (e.g., Spain, Frankfurt). Data will not leave the Region unless explicitly configured. This helps comply with DORA’s rules on cross-border data flow and jurisdictional compliance.

7. Prepare for continuous improvement & engagement

Follow AWS guidance in Game Days (resilience testing), Disaster Recovery simulations, and AWS Enterprise Support (for 15-min critical issue response and strategic reviews). Engage with AWS Solution Architects and AWS Partners like Bexprt specializing in DR to stay aligned with evolving DORA requirements and AWS service updates.

Closing thoughts

Want to know more about how to apply AWS best practice, and leverage the benefits of the new AWS D-CAT?

Or, have wider questions about your organisation’s approach to Resilience and Disaster Recovery?

  • Bexprt specialises in Resilience, and was one of the first AWS Partners to achieve the third party audited “AWS Resilience Competency” in 2024.
  • Bexprt was the first AWS partner globally to complete a commercial assessment using the new AWS D-CAT capability, and on 4th June 2025 became one of just nine D-CAT global launch partners.
  • Get in touch! hello@bexprt.com

Discover more

With thanks to Cristian Critelli and Kiran Killedar at AWS for their partnership and commitment to bringing D-CAT to market.

Bexprt ◦ Your cloud business partner. hello@bexprt.com

Related Content

AWS news

Super-fast AWS Advanced Partner status awarded to Bexprt

10th August 2023 – Wokingham, UK & Riyadh, Saudi Arabia – UK-based technology business, Bexprt, today announced that it has achieved AWS Advanced Partner status, becoming one of the fastest companies in the world to have achieved the accolade. Now a featured member of the AWS Partner Network, Bexprt’s certified experts are accelerating their ability to provide Cloud Services […]

MORE DETAILS
AWS news

Bexprt wins 2024 AWS Rising Star Consulting Partner of the Year for the Middle East & North Africa

3rd December 2024 ◦ Wokingham, UK & Riyadh, Kingdom of Saudi Arabia ◦ UK-based technology company Bexprt wins 2024 AWS Rising Star Consulting Partner of the Year for the Middle East & North Africa. Bexprt recognized by AWS in the Middle East and North Africa as leaders in helping customers drive innovation. Bexprt, multi-award winning, […]

MORE DETAILS
AWS news

Bexprt & Symphonica: accelerating AI-driven no-code OSS deployment for telcos over the cloud

Bexprt and Symphonica confirm their partnership to accelerate the efficient delivery of the Symphonica AI-driven, no-code OSS platform to CSPs and MNOs seeking to optimize their digital transformation over the AWS cloud. Symphonica enables forward-looking telecom companies to move their OSS to the cloud, and launch new services immediately, via their AI-driven no-code OSS, cloud-native […]

MORE DETAILS