Copp Clark, a Canadian-based company, delivers services to worldwide financial businesses, including those in Europe that are now subject to DORA. Since the regulation classifies Copp Clark as an ICT third-party service provider, they needed to align their security process with DORA as well.
We helped Copp Clark establish a robust security process following DORA regulations and best security standards, including the ISO 27001 framework. This allowed our Client to successfully pass third-party regulatory checks requested by their customers.
Copp Clark is a Canadian company that provides financial institutions with data on global public holidays, early close days, and trading hours for effective trading and payment planning. As the company works with the EU businesses that fall under DORA, they also needed to align with the regulation and sought a reliable DORA compliance partner to help them meet requirements.
Given the company’s scale, it was important to accurately assess Copp Clark’s proportional DORA responsibility to avoid overcomplicated activities that may drain their resources. We took a comprehensive approach to the Client’s compliance journey and delivered:
Given that every business case is unique, we first needed to understand Copp Clark’s current security state to shape the right compliance strategy. Therefore, we started with a series of stakeholder interviews to gain insights into the company’s existing processes and developed a tailored roadmap for aligning with DORA.
As a part of it, we performed a gap assessment and benchmarked our findings against DORA requirements for ICT third-party service providers. This helped us validate components for a robust Information Security Management System (ISMS) and prepare the necessary internal documentation, including:
In the scope of the DORA regulatory framework, Digital Operational Resilience Testing (DORT) plays a crucial role. Hence, our next focus was on assessing the Client’s systems’ ability to withstand potential threats by running a penetration test on their environment.
Given that our Client is a service company with a unique operational model involving a distributed infrastructure, we began by defining the right scope for the testing. This helped us avoid unnecessary, resource-intensive assessments and provide Copp Clark with a reasonable assurance that their core systems are secure against breaches. As a part of the testing process, we:
Carol Champ
VP - Operations
Copp Clark Limited
It was our pleasure working with the Sigma Software. They provided friendly, professional, and informative support at all times.
Yurii Honcharuk
Senior Compliance Manager
Sigma Software
The collaboration with Copp Clark was a unique opportunity for us to help a Canadian-based client navigate the complex world of EU regulations. As Copp Clark was not directly within the scope of the DORA, we developed a compliance framework tailored to their operational needs. The key part of it was to bridge the gap between North American business practices and the EU's regulatory requirements. We are pleased to have successfully guided Copp Clark through the journey towards compliance with DORA and end-customers' expectations.
