In 2022, the EU adopted the Digital Operational Resilience Act (DORA). DORA came into force on January 16, 2023 and will apply from January 17, 2025.

💡 NIS 2 is a directive, while DORA and GDPR are regulations. The big difference is that a directive must first be transposed into national legislation, while a regulation applies directly in every member state.

DORA aims to establish a higher level of cybersecurity for providers of financial services.

Affected institutions

  • Banks
  • Credit providers
  • Crowdfunding
  • Crypto platforms
  • Insurance
  • Investing platforms
  • Payment service providers
  • Retirement plans
  • Trading platforms

Does DORA impact you?

While DORA primarily addresses financial institutions in the EU, parts of it may also apply to their supply chain. For instance, SaaS, cloud or managed service providers delivering their services to these entities may also be required to demonstrate their compliance.


Contents of DORA

DORA is a comprehensive piece of legislation, describing the responsibilities of EU member states, including jurisdiction and penalties for non-compliance.

Measures

Furthermore, and this is what most of the fuss is about, articles 5 through 30 contain a number of technical, operational and organizational measures that financial entities must implement, related to:

  • Risk management
  • Incident management
  • Penetration testing
  • Supplier relations
  • Information transfer

Comply with DORA by implementing ISO 27001

Most of the requirements above can be covered when implementing an information security management system (ISMS) according to ISO 27001. Certification is not mandated by DORA, but it will certainly help organizations to demonstrate their compliance.

Besides compliance with DORA, implementing ISO 27001 brings many more benefits!


How can we help?

Instant 27001 is a pre-built ISO 27001 Information Security Management System. It enables organizations to implement and maintain ISO 27001 in a controlled, practical way, without consultancy-heavy projects or intrusive automation platforms.

It is trusted by more than 2,500 organizations to reduce risk, strengthen security governance, and demonstrate information security maturity to customers, partners, and regulators.

Instant 27001 integrates naturally with Atlassian Confluence and Microsoft 365 so teams can implement and maintain ISO 27001 in the tools they already use.

One-time purchase from €2,495. Available in English, Dutch, and German.

