01 What is it?
DORA (Digital Operational Resilience Act) is the EU's binding regulation for digital operational resilience in financial services. NIS2 expands the EU cybersecurity baseline across critical and important sectors. Both impose specific governance, risk and incident-response controls, with significant penalties for non-compliance.
02 Why implement it?
- Binding EU regulations with significant penalties
- DORA: required for financial entities and their ICT providers
- NIS2: covers critical and important sectors across the EU
- Specific controls for incident response and third-party risk
- Align cleanly with ISO 27001 and SOC 2 baselines
03 How I help
I help organisations assess their DORA or NIS2 scope, design the governance and risk-management framework, map controls to the regulations, build the incident-response and third-party risk programs, and prepare the evidence pack.
04 Expected deliverables
- DORA and NIS2 scoping assessment
- Governance and risk-management framework
- Incident-response and third-party risk programs
- Control implementation and evidence pack
- Regulator-readiness plan