As financial entities across the EU prepare for the full implementation of the Digital Operational Resilience Act (DORA), Article 12 stands out as a cornerstone of Information & Communication Technology (ICT) risk management. It mandates robust backup policies, restoration and recovery procedures, and logically segregated systems to ensure operational continuity and data integrity during disruptions.
For organizations relying on mainframe systems, achieving these standards without introducing replication risks or compromising legacy security frameworks can be daunting. That’s where VirtualZ Computing’s FlowZ comes in — a modern data backup solution is the perfect fit to help meet the resilience and compliance demands of DORA.
What is DORA?
The Digital Operational Resilience Act (DORA) is a European Union regulation designed to ensure that financial entities can withstand, respond to, and recover from ICT-related disruptions — such as cyberattacks, system failures, or third-party outages.
Effective from January 17, 2025, DORA applies to banks, insurers, investment firms, and ICT service providers, introducing a unified framework for:
- ICT risk management
- Incident reporting and response
- Third-party oversight
- Operational resilience testing
- Information sharing on cyber threats
DORA shifts resilience from a technical concern to a board-level responsibility, requiring documented strategies, periodic testing, and secure backup and recovery procedures across all critical systems.
Article 12 at a Glance
DORA Article 12 requires EU financial entities to:
- Define backup scope and frequency based on data criticality
- Maintain restoration and recovery procedures that minimize downtime
- Use segregated ICT systems for recovery
- Periodically test backup and recovery methods
- Ensure data integrity through reconciliation checks
- Maintain redundant ICT capacities and secondary processing sites
These aren’t just technical requirements. They are operational imperatives for regulatory alignment and stakeholder trust. Meeting these requirements for mainframe users can be challenging, especially the logical and physical segregation requirements, in an easy-to-implement and cost-effective manner.
How FlowZ Helps
FlowZ is a unique offering in the market offering no-code, plug-and-play backup for your mainframe data to on-prem or cloud storage without additional mainframe CPUs, DASD, or VTL. FlowZ integrates with your existing backup software and does not require any additional file staging, ETL pipes or code on the target.
Let’s take a look at how FlowZ specifically addresses the requirements of DORA Article 12:
| DORA Article 12 Requirement | FlowZ Capability |
|---|---|
| Backup Scope & Frequency Backups must reflect data criticality and confidentiality. |
“Back up mainframe files to the cloud in minutes” FlowZ enables rapid, targeted backups without staging or scripting. This can be on-prem SAN storage, taking advantage of your backbone network. Additionally, FlowZ also unlocks many tiers of storage especially in the cloud to match the criticality of the data at the right cost point. |
| Restoration & Recovery Procedures Minimize downtime and ensure data integrity. |
“Proprietary journaling and caching” FlowZ ensures the continuity of the backup even in the case of network or target outages. |
| Segregated ICT Systems Recovery must occur on logically and physically separate systems. |
“Enable hybrid workflows quickly — without heavy configurations” FlowZ supports backup and recovery from cloud or distributed systems creating additional resiliency to your backup by having it available to completely segregated systems and platforms including encryption. |
| Periodic Testing of Recovery Methods Validate effectiveness of backup and restoration. |
“Installs in minutes with backup and recovery using your existing tools” FlowZ plugs and plays; ideal for frequent testing without disrupting production environments and storage. |
| Redundant ICT Capacity Ensure continuity through redundant systems. |
“Cloud-agnostic, SAN enabled and bidirectional” FlowZ’s unique flexibility to any cloud and SAN is ideal for meeting the geographically diversity requirement and the ability to have as many copies as desired. |
| Secondary Processing Sites (for CSDs) Maintain operational capability at alternate sites. |
“Share files seamlessly between mainframe and distributed applications” FlowZ enables continuity across secondary sites, allowing you to recover data to any FlowZ mainframe or even a non-mainframe platform if needed. |
FlowZ In Action
We invite you to see how FlowZ works in this demo. You will see:
- Lightning-fast install: Ready to use in seconds
- Real-world example: Moving mainframe files to SAN storage using standard commands and JCL
- High-performance transfer: Full 3390 disk dump in ~1:20
- Flexible file targets: Static or dynamic, on-prem or cloud
- Secure integration: With enterprise access controls and compliance
Summary: Compliance Meets Operational Efficiency
In a regulatory landscape where resilience is non-negotiable, FlowZ offers a strategic advantage. It empowers entities to:
- Modernize data access without compromising legacy security
- Meet DORA Article 12 requirements with minimal infrastructure overhaul
- Reduce compliance risk while enhancing operational agility
- Modernize backup and recovery workflows
- Maintain logical segregation and redundancy
- Test and validate procedures with minimal overhead
- Enables hybrid environments for maximum resiliency with end-to-end encryption.
For organizations navigating the intersection of mainframe modernization and EU regulation, FlowZ isn’t just a tool — it’s a compliance accelerator.
Learn More
- Watch the webinar.
- Schedule a FlowZ briefing.
- Visit our Customer Briefing Center.
- Review all VirtualZ Use Cases, Thought Leadership papers, and Solution Briefs.
- Explore our YouTube channel, podcasts, and blog.
- Still have questions? Contact us.
