External videos

Available designs:

  • Design list cards (on 2 columns)
  • Design centered large video (in grid-x1 o grid-x2)

Please note 

Video url should be in these formats: 
https://vimeo.com/412134188
https://vimeo.com/754662913/e35c57f024  
https://youtu.be/tqh3d0SL8Tk
https://www.youtube.com/watch?v=4Bzt0bkFTWk

  • Only use a short text in Abstract. Recommended: maximum 130 characters
  • Check the length of abstract in relation to title. Long title -> no abstract
  • For accessibility reasons, add a transcription to your videos
  • The play button is centered and should not cover a face

 

Design list cards (on 2 columns) (directly on the page or in a section)

DORA: Strengthening TLTP for Cyber Resilience

[Julien Bacus: Partner, finance at Addleshaw Goddard] In their contractual arrangements with ICT providers, financial institutions shall ensure that they include provisions governing access rights, inspection and audit. These provisions must detail the areas to be audited, the standards to be applied and the frequency of such audits. These requirements are similar to the outsourcing requirements which were already applying before DORA.

However, DORA is not a "cut and paste" on these provisions and goes further than the existing regulatory guidance. Subjected to a limited exemption, DORA imposes to verify that auditors appointed to perform audits of ICT services of high technical complexity have the appropriate skills and knowledge. Even if DORA is a regulation directly applicable in all member states, please note that the certification of auditors is dealt with at national level. The harmonization sought by DORA is actually not complete in this respect. From a practical perspective, financial institutions need to have a clear picture of their own risks, but also of the risks that ICT providers may create. This is an extensive exercise which imposes new obligations on financial institutions.

[Ludovico Ninotti: Threat Intelligence Analyst, Sopra Steria] At Sopra Steria, our European reach enables us to have the appropriate local skills as required by DORA, to fulfill those strong audits and test requirements. In our view, cybersecurity is not just about reacting to threat, it is rather about staying ahead of a fast-evolving cyber threat landscape. Now the question is: how do we do that? how do we reach this ambitious objective? We do that by leveraging the cooperation between threat intelligence and the red team which becomes essential in the context of DORA activities. Threat intelligence collects huge amounts of data from different sources, about attack patterns and techniques used by threat actors, which specifically targets the financial sector.

Once all this info has been analyzed and structured, it is passed on to the red team which uses this info, which is stored into intelligence, to build realistic threat attack scenarios based on the most relevant threat and customize on your environment. So let us turn intelligence into resilience so that you are always prepared for whatever comes next in the future.

DORA: Secure your ICT contracts for optimal resilience

[Elisabeth Marrache - Partner, IP/IT and Data protection at Addleshaw Goddard] DORA highlights the necessity of managing relationships with third-parties to ensure digital resilience for financial institutions. One of the key requirements under this regulation is to formally outline ICT-Related risks in contracts.

The contracts must in particular include provisions on availability, authenticity, integrity, and confidentiality of data including personal data. Additional provisions must also be provided in contracts covering critical important functions. In practice, we find that clients have mostly adopted a risk-based approach, focusing on dealing with their key in-scope ICT service providers. However, this analysis is no walk in the park, mainly because DORA requires financial institutions to verify that their ICT third party service providers meet specific information security-standards - a requirement that could be particularly burdensome for some smaller ICT service providers. Thus, collaboration among all stakeholders, involved in the process, not just the legal teams, becomes necessary in order to offer pragmatic and tailored solutions that meet each parties' concerns and requirements. *

[Erwan Brouder: Deputy head of cyber-security business unit at Sopra Steria] To operationalize DORA, banks and subcontractors must move beyond compliance and turn contract terms into actionable realities. Clear agreements on resilience standards must be defined upfront. Both banks and subcontractors need to engage in regular crisis management exercises to test response strategies, identify gaps, and refine their coordinated actions. Although banks are now mostly focused on reviewing contracts with their critical subcontractors, they must recognize that all ICT suppliers are included in DORA's scope.

Banks can then play a vital role by providing clear guidelines, on resilience, offering frameworks, tools, and best practices that help subcontractors meet DORA's stringent requirements. Moving hand in hand is in the best interest of both parties as it enables shared expertise and resources, ensuring a robust compliant and secure operational environment for all. This is our vision at Sopra Steria, and something we promote with our clients and their ecosystem of suppliers.

DORA: Mastering the Register for Compliance

[Pierre Mathé, Senior associate, finance, Addleshaw Goddard] Financial institution shall maintain and update register of information, containing information on all ICT, contractual arrangement provided by third-party providers. Such a register is of paramount importance as the European supervisory authority will use the data from the register to inform which third-party providers should be designated as critical to the EU financial system.

The first designations are expected in the second half of 2025. The first version of this ITS was rejected by the Commission in September and finally adopted in December. This DNA creates additional difficulties for financial institutions in their DORA compliance roadmap. In practice, the ESAs want the registers by 30 April 2025, so national regulators are asking firms to submit the registers they will collect at national level before that date. Please note that regulators have clearly indicated that the compliance of the register of information will be a top enforcement priority in 2025.

[Vincent Lefevre, Director, Sopra Steria Next – Regulatory Tribe] In this challenging context, Sopra Steria may assist in designing solutions to help entities managing their register of information, ensuring efficient and accurate data submission to the competent authorities. From a practical point of view, the ITS final version defined a set of 15 data tables to be produced on which more than 116 controls will be performed. In response to the concerns raised by this new reporting system, the regulator decided to set a full dry run, exercise on 1,000 financial entities. Viewed from the regular's side, the conclusion of the test is optimistic. But it still demonstrates that the objectives are very ambitious and requires significant workload for impacted entities.

To date, less than 7% of participants have passed all their entry checks. The ESAs have provided numerals tool to facilitate implementation of the register. They also streamlined the process by confirming that the technical ID to input in the reporting could be the LEI, already largely used. Financial entities now need to prepare the first declaration. Regulators already confirmed that the priority has to be given to the data quality rather than to completeness. Thanks to our data experience, we, at Sopra Steria, are ready to work side by side with our clients and help them solving operational issues to align with the DORA requirements.

Design centered large video (in grid-x1 or grid-x2)

DORA: Strengthening TLTP for Cyber Resilience

[Julien Bacus: Partner, finance at Addleshaw Goddard] In their contractual arrangements with ICT providers, financial institutions shall ensure that they include provisions governing access rights, inspection and audit. These provisions must detail the areas to be audited, the standards to be applied and the frequency of such audits. These requirements are similar to the outsourcing requirements which were already applying before DORA.

However, DORA is not a "cut and paste" on these provisions and goes further than the existing regulatory guidance. Subjected to a limited exemption, DORA imposes to verify that auditors appointed to perform audits of ICT services of high technical complexity have the appropriate skills and knowledge. Even if DORA is a regulation directly applicable in all member states, please note that the certification of auditors is dealt with at national level. The harmonization sought by DORA is actually not complete in this respect. From a practical perspective, financial institutions need to have a clear picture of their own risks, but also of the risks that ICT providers may create. This is an extensive exercise which imposes new obligations on financial institutions.

[Ludovico Ninotti: Threat Intelligence Analyst, Sopra Steria] At Sopra Steria, our European reach enables us to have the appropriate local skills as required by DORA, to fulfill those strong audits and test requirements. In our view, cybersecurity is not just about reacting to threat, it is rather about staying ahead of a fast-evolving cyber threat landscape. Now the question is: how do we do that? how do we reach this ambitious objective? We do that by leveraging the cooperation between threat intelligence and the red team which becomes essential in the context of DORA activities. Threat intelligence collects huge amounts of data from different sources, about attack patterns and techniques used by threat actors, which specifically targets the financial sector.

Once all this info has been analyzed and structured, it is passed on to the red team which uses this info, which is stored into intelligence, to build realistic threat attack scenarios based on the most relevant threat and customize on your environment. So let us turn intelligence into resilience so that you are always prepared for whatever comes next in the future.

DORA: Strengthening TLTP for Cyber Resilience

[Julien Bacus: Partner, finance at Addleshaw Goddard] In their contractual arrangements with ICT providers, financial institutions shall ensure that they include provisions governing access rights, inspection and audit. These provisions must detail the areas to be audited, the standards to be applied and the frequency of such audits. These requirements are similar to the outsourcing requirements which were already applying before DORA.

However, DORA is not a "cut and paste" on these provisions and goes further than the existing regulatory guidance. Subjected to a limited exemption, DORA imposes to verify that auditors appointed to perform audits of ICT services of high technical complexity have the appropriate skills and knowledge. Even if DORA is a regulation directly applicable in all member states, please note that the certification of auditors is dealt with at national level. The harmonization sought by DORA is actually not complete in this respect. From a practical perspective, financial institutions need to have a clear picture of their own risks, but also of the risks that ICT providers may create. This is an extensive exercise which imposes new obligations on financial institutions.

[Ludovico Ninotti: Threat Intelligence Analyst, Sopra Steria] At Sopra Steria, our European reach enables us to have the appropriate local skills as required by DORA, to fulfill those strong audits and test requirements. In our view, cybersecurity is not just about reacting to threat, it is rather about staying ahead of a fast-evolving cyber threat landscape. Now the question is: how do we do that? how do we reach this ambitious objective? We do that by leveraging the cooperation between threat intelligence and the red team which becomes essential in the context of DORA activities. Threat intelligence collects huge amounts of data from different sources, about attack patterns and techniques used by threat actors, which specifically targets the financial sector.

Once all this info has been analyzed and structured, it is passed on to the red team which uses this info, which is stored into intelligence, to build realistic threat attack scenarios based on the most relevant threat and customize on your environment. So let us turn intelligence into resilience so that you are always prepared for whatever comes next in the future.

Sopra Steria Cloud Services : Financial optimisation with Cloud Economics
Voice-over (female voice)
Pay-per-use use can generate savings. But if left unmonitored, Cloud consumption can be very costly. Let's take the example of Tom. The company's data center and hardware are becoming obsolete. Is it time to accelerate the migration of the I.T. system onto the Cloud? But how? He calls on Sopra Steria’s expertise.
As a Cloud consultant, I will produce a business case to map out eligibility. This shows me which applications need to be migrating. Next, I recommend different migration scenarios to meet the business's requirements. A pre-migration Cloud simulation enables Tom to fine-tune these options. These stages are crucial for anticipating transformations, estimating savings and managing risk. Tom opts for scenario 3 with the Cloud Optimization Service, which enables him to make substantial savings. I train his teams to develop and improve their skills.

Voice-over 2 (male voice)
As a FinOps Architect, I analyze the Cloud resources used for each application. I use our methodologies and tools to provide Tom with personalized dashboards and reports. Using my financial and technical knowledge, I check all data and select the relevant recommendations. I then reallocate resources to optimize usage and costs without impairing quality or performance. Continuous monitoring is necessary as Cloud services are constantly evolving.

Voice-over 1
As such, Sopra Steria offers a full portfolio of services which includes consulting to establish your Business Case, managing your migration and optimizing resource consumption whilst managing compliance and security. The benefits: Savings of 10% to 65%. Optimizing usages to meet the needs of business challenges. Improved visibility and predictability. Strengthened governance.

External video design video and abstract horizontal (in grid-x1 or grid-x2)

Sopra Steria Cloud Services : Financial optimisation with Cloud Economics
With the Cloud Economics offer, Sopra Steria supports its clients in anticipating and controlling the costs of private, public and hybrid clouds. Learn more in two minutes.
Voice-over (female voice)
Pay-per-use use can generate savings. But if left unmonitored, Cloud consumption can be very costly. Let's take the example of Tom. The company's data center and hardware are becoming obsolete. Is it time to accelerate the migration of the I.T. system onto the Cloud? But how? He calls on Sopra Steria’s expertise.
As a Cloud consultant, I will produce a business case to map out eligibility. This shows me which applications need to be migrating. Next, I recommend different migration scenarios to meet the business's requirements. A pre-migration Cloud simulation enables Tom to fine-tune these options. These stages are crucial for anticipating transformations, estimating savings and managing risk. Tom opts for scenario 3 with the Cloud Optimization Service, which enables him to make substantial savings. I train his teams to develop and improve their skills.

Voice-over 2 (male voice)
As a FinOps Architect, I analyze the Cloud resources used for each application. I use our methodologies and tools to provide Tom with personalized dashboards and reports. Using my financial and technical knowledge, I check all data and select the relevant recommendations. I then reallocate resources to optimize usage and costs without impairing quality or performance. Continuous monitoring is necessary as Cloud services are constantly evolving.

Voice-over 1
As such, Sopra Steria offers a full portfolio of services which includes consulting to establish your Business Case, managing your migration and optimizing resource consumption whilst managing compliance and security. The benefits: Savings of 10% to 65%. Optimizing usages to meet the needs of business challenges. Improved visibility and predictability. Strengthened governance.