DORA FAQs

  • Q: What is the Digital Operational Resilience Act (DORA)?

    A: DORA is a European Union regulation designed to strengthen the IT security of the EU’s financial sector. It requires regulated entities to implement measures to effectively manage and mitigate operational risk in relation to information and communication technology (ICT). The regulation took effect on 17 January 2025.

  • Q: What entities must comply with DORA?

    A: Financial sector entities (e.g., banks, insurance companies, investment firms, and other financial services organizations) operating in the EU and ICT third-party service providers supporting these entities which have been designated as ‘critical’ by the European Supervisory Authorities.

  • Q: Is Proofpoint regulated by DORA?

    A: No. Proofpoint is not a DORA regulated entity and is not an ICT third-party service provider designated as ‘critical’ by the EU Supervisory Authorities. Proofpoint offers services that can help its regulated customers comply with their DORA obligations.

  • Q: When is an ICT third-party provider identified as ‘critical’?

    A: An ICT third-party provider may be identified as ‘critical’ when the regulated entity would suffer large-scale operational failure without the ICT third-party provider’s services.

  • Q: Do Proofpoint’s contracts meet DORA requirements?

    A: Your relationship with Proofpoint is governed by terms and conditions that align with DORA requirements. This may include, but is not limited to, the Proofpoint Master Subscription Agreement or Customer Agreement located on the Proofpoint License Terms website, certain Proofpoint Product Terms, the Proofpoint Data Processing Agreement, and for financial sector customers, our U.S. Financial Services Exhibit and DORA Financial Services Industry Addendum.

  • Q: Does a customer’s use of Proofpoint’s services relieve it of its regulatory obligations?

    A: No. Proofpoint’s financial services customers are required to ensure that they meet their regulatory obligations. This includes a well-documented and comprehensive ICT risk management framework, which includes internal strategies, policies, procedures, protocols and tools designed to adequately protect and ensure the operational resilience, security, and availability of their information, systems, and ICT assets.

  • Q: What is an ICT event?

    A: Any incident related to ICT that negatively impacts the regulated entity’s operations, security, or data integrity. This includes, but is not limited to:

    • Cybersecurity events such as a malicious attack, phishing, hacking, ransomware, or data breach,
    • Data loss or corruption resulting from human error, intentional exfiltration, or unauthorized access, modification, or deletion,
    • System or software failures or malfunctions,
    • Insider threats, such as employees leaking or misusing internal sensitive information,
    • Regulatory or legal compliance failures,
    • Third-party risks, such as vendors or cloud providers experiencing a security incident, and
    • Natural disasters that impact ICT infrastructure.
  • Q: How can Proofpoint help organizations with their ICT risk management and prevent an ICT event?

    A: Proofpoint offers a range of cybersecurity and compliance solutions that can help its customers protect themselves from cybersecurity threats, insider risks, supply chain vulnerabilities, and other ICT risks. This includes, but is not limited to:

    • Email Security and Protection – Proofpoint’s email monitoring solutions utilize advanced threat detection and filtering capabilities to protect against a wide range of threats, such as phishing, malware, spam, malicious URLs, and business email compromise.
    • Adaptive Email DLP (AEDLP) – Proofpoint helps organizations avoid the loss of sensitive data by detecting and preventing misdelivered emails, mis-attached files, and intentional exfiltration of data.
    • Adaptive Email Security (AES) – Proofpoint offers an Integrated Cloud Email Security (ICES) solution that delivers an additional layer of behavioral AI-based detection of advanced threats, including BEC, social engineering, and lateral phishing messages.
    • Insider Threat Management – Proofpoint’s Insider Threat Management can provide visibility into risky employee behavior that leads to business disruption and data loss. Insider Threat Management gathers evidence to accelerate investigations and help ensure appropriate organizational response to mitigate loss.
    • Automated Risk Based Learning – Move beyond standard compliance training to drive behavioral change and build a security-minded culture.
    • Compliance reporting – Proofpoint offers compliance reporting tools and functionality including Compliance Gateway, Track, and Supervision to help organizations monitor and report on compliance with regulations and other requirements.
    • Third-party risk management – Proofpoint Supplier Threat Protection (STP) helps keep its customers’ supply chains secure from advanced phishing, malware, and business email compromise (BEC) attacks. It checks suppliers and known third parties for signs that they may have been compromised.
    • Identity Threat Defense – Proofpoint’s Identity Threat Defense (ITD) platform provides comprehensive protection against identity-based threats. It includes Proofpoint Shadow (deception technology for active threat detection) and Proofpoint Spotlight (identity vulnerability discovery and remediation), allowing customers to identify and proactively address risks while also detecting and investigating active attacks through agentless deception techniques and forensic data collection.

© 2025 Proofpoint. All rights reserved. The content on this site is intended for informational purposes only.
Last updated March 20, 2025.