Azul's OpenJDK solutions comply with EU's DORA standards

Yesterday

Azul has announced that its OpenJDK solutions have met the Digital Operational Resilience Act (DORA) provisions, reinforcing the company's commitment to digital resilience for EU financial institutions.

DORA aims to strengthen the digital resilience of financial entities, mitigate ICT-related risks, and ensure their ability to withstand, respond to, and recover from ICT disruptions. These requirements are critical, especially since Java is the predominant programming language used in the financial services industry, with 51% of the code within financial services written in Java according to the 2022 FINOS report.

Azul's long-term support (LTS) Java versions, which include updates for older versions like Java 6 and 7, ensure continued stability and security, which are essential for maintaining operational resilience under regulatory pressures. The company's offerings include comprehensive testing and compatibility with modern architectures and cloud environments.

The upcoming DORA enforcement deadline on January 17, 2025, stipulates that non-compliance could lead to significant fines, impacting not just EU financial entities but also global organisations with EU operations and their third-party providers.

According to Crucyble, an information security consulting firm that assessed Azul's practices, "Azul has made considerable efforts to comply with the Digital Operational Resilience Act (DORA) EU by implementing a robust governance framework, risk management protocols, incident response capabilities, and third-party risk management strategies. Through continuous monitoring, regular testing, including penetration tests, and comprehensive plans for ICT resilience and recovery, Azul demonstrates a strong commitment to ensuring operational continuity and resilience."

Azul provides fully supported, OpenJDK distributions—Azul Platform Core and Azul Platform Prime—which ensure timely security updates and patches, stabilised security-only updates, and continuous vulnerability monitoring via the Azul Intelligence Cloud. These features support financial institutions in adhering to DORA requirements by ensuring applications remain resilient and free from critical vulnerabilities.

"As a trusted partner to our customers, we understand the complex challenges financial institutions face in meeting these stringent requirements," stated James Johnston, Vice President of EMEA at Azul. "With Java powering most critical financial systems, unsupported or vulnerable Java infrastructure puts DORA compliance at risk. Our solutions enable companies to accelerate their compliance efforts while reducing costs and complexity—critical factors given the rapidly approaching deadline."

Azul has outlined five essential steps to aid financial institutions in their DORA compliance efforts involving Java applications and infrastructure. These include developing an ICT Risk Management Framework, establishing an Incident Reporting Mechanism, conducting regular testing of ICT systems, enhancing third-party risk management practices, and facilitating information sharing on cyber threats.

Share on: