As Director of Solutions Consulting at PagerDuty EMEA, I recently had the pleasure of sitting down with Andy White, Chief of Staff to the CTO at Checkout.com, to discuss how they’re navigating the challenges of DORA compliance using PagerDuty’s platform.

Understanding DORA

The Digital Operational Resiliency Act (DORA), which came into effect in January 2024, represents a significant shift in how financial institutions within the EU must handle their operational resilience. The regulation demands that financial entities demonstrate their ability to withstand, respond to, and recover from IT-related disruptions and threats. For companies like Checkout.com, a leading multinational fintech serving giants such as Netflix, Pizza Hut, and Coinbase, compliance isn’t just a regulatory requirement—it’s a business imperative.

Checkout.com’s Journey

During our conversation, Andy shared fascinating insights into Checkout.com’s transformation from what he candidly described as the “bad old days” of incident management. Picture a single Slack channel named “firefighting” with over 1,000 staff members, where commercial teams, engineers, and senior leadership all attempted to coordinate during incidents. It was, in Andy’s words, “extremely chaotic and counterproductive.”

The PagerDuty Impact

The implementation of PagerDuty has revolutionized Checkout.com’s incident management approach in several key areas:

1. Automated Incident Management:

   • Real-time incident detection through integrated monitoring tools

   • Automatic triggering of response workflows

   • Seamless creation of dedicated incident channels

   • Intelligent routing of alerts to appropriate teams

   • Automated escalation paths ensure no incident goes unaddressed

2. Streamlined Communication:

   • Structured communication channels replacing the chaotic “firefighting” approach

   • Integration with collaboration tools like Slack and Google Meet

   • Clear delineation of responsibilities during incidents

   • Focused participation from relevant stakeholders only

   • Automated status updates and notifications

3. Enhanced Response Times:

   • Significant reduction in mean time to acknowledge (MTTA)

   • Faster incident resolution through immediate team engagement

   • Elimination of manual coordination overhead

   • Proactive issue detection before customer impact

   • Real-time visibility into incident progress

4. Comprehensive Documentation and Analysis:

   • Detailed incident records to aid regulatory compliance

   • Automated capture of all incident-related communications

   • Rich data for post-incident reviews

   • Trend analysis capabilities for identifying systemic issues

   • Metrics-driven insights for continuous improvement

5. Integration Capabilities:

   • API-first approach enabling seamless integration with existing tools

   • Native connection to monitoring systems like Datadog

   • Custom workflow automation possibilities

   • Enhanced visibility across the technology stack

Cultural Transformation

What struck me most during our discussion was Andy’s emphasis on cultural change. While PagerDuty provided the technical foundation, the real success came from Checkout.com’s commitment to building a culture of operational resilience. They regularly conduct incident game days and tests, using PagerDuty Operations Cloud to help teams “build muscle” in incident response.

Looking Forward

Checkout.com continues to evolve its incident management practices, with exciting plans to leverage PagerDuty’s upcoming GenAI (PagerDuty Advance) features for more efficient post-incident reviews. They’re also making innovative use of our new incident types feature to customize responses for different business units.

Key Takeaways

For financial institutions working toward DORA compliance, Andy’s advice is clear: while the technical integration of PagerDuty has been straightforward, success lies in managing the cultural transformation. Start with hearts and minds, demonstrate early wins, and build from there.

At PagerDuty, we’re proud to partner with forward-thinking organizations like Checkout.com, helping them not just meet regulatory requirements but transform their operational resilience for the better. As the financial services landscape continues to evolve, we remain committed to providing the tools and support needed for our customers to succeed.

You can listen to the full webinar at this link: 

Building Resilience and Compliance in Financial Services

Lee Fredricks is the Director of Solutions Consulting at PagerDuty EMEA, based in London. He works with financial institutions across Europe to enhance their operational resilience and incident management capabilities.