Today, we’re excited to announce that DigitalOcean will begin signing Digital Operational Resilience Act (DORA) Addendums with eligible customers. Additionally, we engaged Schellman & Company to facilitate an audit of our environment, so that customers can deploy on DigitalOcean with trust in the organization’s risk management, security controls, operational resilience, incident management and reporting, and outsourcing and third party risk management.
What is DORA?
Effective January 17, 2025, financial entities operating in the European Union (EU) and Information and Communications Technology (ICT) third-party service providers are subject to the EU’s DORA. The regulation standardizes how financial entities report major ICT-related incidents, test their digital operational resilience, and manage ICT third-party risk across the financial services sector and EU member states.
DigitalOcean, DORA, and You
DORA Addendums
While DigitalOcean has not yet been designated a critical Information and Communications Technology (ICT) third-party service provider by European Supervisory Authorities, we recognize the need to enable select customers to address their DORA obligations relative to ICT third-party service providers, which can include; but, are not limited to, cloud service providers. Customers who require the DORA Addendum can request the document by contacting Sales.
Voluntary Audit
As part of our continued commitment to you, we engaged Schellman Compliance, LLC to facilitate an audit of our environment against DORA’s core regulatory framework, relevant Regulatory Technical Standards (RTS) and Implementation Technical Standards (ITS). The assessment returned zero findings. A summary letter can be viewed within our Trust Platform.