Operational Resilience means running an IT environment that is secured according to the best standards and planning to return as fast as possible to normal operation after events and incidents. This is important for all IT systems but is a condition “sine qua non” for critical infrastructure. Policymakers and creators of frameworks have understood the urgency of operational resilience and started regulation: DORA for the finance sector, NIS 2 for critical infrastructure, European Cyber Resilience Act (CRA) for software and hardware products, Critical Entities Resilience Directive (CER) for ensuring essential services for the maintenance of vital societal functions, AI Act, Data Act, Product Liability Directive. The security community must now apply the regulations and define what they mean to their corporate environment. Typically, elements like Vulnerability Management, Incident Reporting, and Supply Chain Issues (SOBM and VEX) require strict compliance procedures, including audit (internal and external) security testing (Pentest, red teaming) and certification.

We are proud to have two speakers, Lucas Welton from Julius Baer, who implemented operational resilience, and Gabriela Bogk
from Stadler Rail, who is in the process of adopting Stadler Rail to compliance with several EU regulations, including NIS2 and
CRA, and CER. We will profit from their experience and learn about processes and their steps when approaching compliance.