DORA Compliance Advisory Services for Copp Clark

Our experts helped Copp Clark, as an ICT Service Provider, strengthen their security posture and adopt DORA-compliant controls to align with evolving customers' requirements in the finance domain.
Customer:
Global market holidays data provider
Strengthening DORA compliance
  • Business Need

    Copp Clark, a Canadian-based company, delivers services to worldwide financial businesses, including those in Europe that are now subject to DORA. Since the regulation classifies Copp Clark as an ICT third-party service provider, they needed to align their security process with DORA as well.

  • Result

    We helped Copp Clark establish a robust security process following DORA regulations and best security standards, including the ISO 27001 framework. This allowed our Client to successfully pass third-party regulatory checks requested by their customers.

In a very organized and systematic way, Sigma Software assisted us in preparing policy documents, leading us to effectively navigate DORA compliance.
Carol Champ
VP - Operations
Copp Clark Limited

Collaboration overview

Key Facts

Copp Clark is a Canadian company that provides financial institutions with data on global public holidays, early close days, and trading hours for effective trading and payment planning. As the company works with EU businesses that fall under DORA, they also needed to align with the regulation and sought a reliable DORA compliance partner to help them meet requirements.

Given the company’s scale, it was important to accurately assess Copp Clark’s proportional DORA responsibility to avoid overcomplicated activities that may drain their resources. We took a comprehensive approach to the Client’s compliance journey and delivered:

  • Compliance consulting to strategically plan the company’s adherence to the DORA regulation
  • Penetration testing to evaluate the resilience of Copp Clark’s systems and infrastructure against cyber threats
  • Support in a security awareness process setup to prepare for evolving customer and regulatory requirements
  • Assistance in completing the DORA compliance checklist to help them pass the third-party service provider assessment

Given that every business case is unique, we first needed to understand Copp Clark’s current security state to shape the right compliance strategy. Therefore, we started with a series of stakeholder interviews to gain insights into the company’s existing processes and developed a tailored roadmap for aligning with DORA.

As a part of it, we performed a gap assessment and benchmarked our findings against DORA requirements for ICT third-party service providers. This helped us validate components for a robust Information Security Management System (ISMS) and prepare the necessary internal documentation, including:

  • Risk Management Policy
  • Third-party Management Policy
  • Business Continuity & Disaster Recovery Plan
  • Incident Response Plan

In the scope of the DORA regulatory framework, Digital Operational Resilience Testing (DORT) plays a crucial role. Hence, our next focus was on assessing the Client’s systems’ ability to withstand potential threats by running a penetration test on their environment.

Given that our Client is a service company with a unique operational model involving a distributed infrastructure, we began by defining the right scope for the testing. This helped us avoid unnecessary, resource-intensive assessments and provide Copp Clark with reasonable assurance that their core systems are secure against breaches. As a part of the testing process, we:

  • Conducted an in-depth analysis of the Client’s business process and outlined the areas critical for maintaining operational resiliency
  • Performed end-to-end penetration testing on the identified risk areas
  • Created a detailed report about identified security weaknesses
  • Provided recommendations on the remediation based on market standards and best security practices

Testimonials

It was our pleasure working with Sigma Software. They provided friendly, professional, and informative support at all times.
Carol Champ, VP - Operations, Copp Clark Limited

The collaboration with Copp Clark was a unique opportunity for us to help a Canadian-based client navigate the complex world of EU regulations. As Copp Clark was not directly within the scope of DORA, we developed a compliance framework tailored to their operational needs. The key part of it was to bridge the gap between North American business practices and the EU's regulatory requirements. We are pleased to have successfully guided Copp Clark through the journey towards compliance with DORA and end-customers' expectations.
Yurii Honcharuk, Senior Compliance Manager at Sigma Software
