Our technology risk management practices meet highest standards

As you may know, on 17 January 2025 the EU Digital Operational Resilience Act (DORA) came into effect. This regulatory framework has been designed to ensure businesses in the financial services sector can withstand, respond to and recover from all types of ICT-related disruptions and threats.

As your pension scheme provider, Irish Life is committed to ensuring that our technology risk management practices meet the highest standards and strictly comply with the latest DORA legislation. 

In the table below, we've outlined the four key pillars of DORA, as well as Irish Life's approach towards achieving the highest standards under all DORA obligations:

Key pillars of DORA: Irish Life's approach:

1. ICT Risk Management Framework

We have adopted a comprehensive ICT Risk Management Framework, which provides a robust foundation for managing technology risks. This covers three key components: Governance and Oversight, Risk Management Lifecycle, and Policies, Standards, Processes, and Controls.

2. Digital Operational Resilience Testing

Our framework includes IT Policies and Operating Standards aligned with industry standards and regulatory requirements, to ensure that the availability, authenticity, integrity and confidentiality of data are maintained. Additionally, we conduct regular and thorough testing of ICT systems.

3. ICT Third-Party Risk Management

Our framework includes robust processes for managing ICT third-party risks, such as detailed risk assessments before entering contractual arrangements, determining whether an ICT service supports a critical function, and ongoing monitoring of third-party performance and contractual arrangements. We also have contingency plans in place to manage the exit and transition of third-party services, ensuring continuity of critical functions.

4. ICT-related Incident Management, Classification and Reporting

We have developed incident response procedures, as well as the relevant Regulatory Technical Standards and Implementing Technical Standards, under guidance from the Central Bank of Ireland (CBI).

Irish Life remains committed to maintaining the highest standards of digital operational resilience, and we will continue to monitor and evolve our practices to meet the needs of our clients and regulatory requirements.