As more sectors prioritise cybersecurity and the protection of sensitive information, new regulations are constantly emerging. The European Union's Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) entered into force in January 2023 and aims to strengthen ICT risk management across the financial sector.
But how can organisations implement the new DORA framework, and can it be aligned with ISO standards?
What is an ISO/IEC 27001:2022 ISMS?
ISO/IEC 27001:2022 is the international standard for implementing an Information Security Management System (ISMS). An ISMS is a systematic, risk-based approach to protecting the confidentiality, integrity and availability of an organisation's information, and it requires the organisation to identify and meet the legal, regulatory and contractual requirements that apply to it.
What is DORA?
The Digital Operational Resilience Act (DORA) is a European Union regulation that provides a comprehensive ICT risk management framework for the financial sector. It applies from 17 January 2025.
DORA was created with the aim of strengthening the resilience of financial entities against ICT-related threats, attacks and disruptions. The financial sector handles vast amounts of sensitive data and is a constant target for cybercriminals.
Key Principles of DORA
Although ICT risk management is the core of DORA, the regulation breaks this down into several pillars that must each be implemented, including:
ICT Risk Management: Organisations must implement a comprehensive framework to identify, assess, manage and monitor ICT risks.
ICT Incident Reporting: Organisations must implement robust mechanisms for classifying ICT-related incidents and reporting major incidents to their competent authority.
Digital Operational Resilience Testing: Financial entities must test their ICT systems regularly to confirm preparedness against disruptions; for entities designated by their competent authority this includes threat-led penetration testing (TLPT).
Third-Party Risk Management: Financial entities remain responsible for managing the risks associated with third-party ICT service providers, including the contractual arrangements with those providers.
Can an ISO/IEC 27001:2022 ISMS Simplify DORA Compliance?
Yes. ISO/IEC 27001:2022 gives organisations a structure that supports DORA compliance, because both DORA and an ISMS take a risk-based approach. However, conforming to ISO/IEC 27001:2022 alone does not make an organisation DORA compliant; it has the potential to make compliance easier and quicker.
When implementing an ISMS, organisations can account for DORA from the start by recording it as a relevant legal, regulatory and contractual requirement (Clause 4.2 on interested parties and Annex A control 5.31). The flexible, risk-based structure of the international standard makes this possible, but the catch is that the ISMS must be scoped and designed with DORA in mind from the outset rather than retrofitted afterwards.
DORA does not map onto an ISMS perfectly and has additional requirements. ISO/IEC 27001:2022 contains no explicit requirement for penetration testing, whereas DORA mandates a resilience testing programme and, for designated entities, threat-led penetration testing; such testing can be added to the ISMS as an additional control. Similarly, ISO/IEC 27001:2022 requires incident management and supplier management processes, but DORA adds specific obligations on top of them, such as reporting major ICT incidents to the competent authority and maintaining a register of information on contractual arrangements with ICT third-party providers. Each of these gaps must be identified and closed explicitly.
How Can WWISE Support Your Organisation's DORA Compliance?
Although we do not currently offer training on DORA itself, we do offer a range of ISO/IEC 27001:2022 ISMS training, and our experts are able to align the international standard with the new DORA framework.
If your organisation is approaching DORA by implementing an ISMS, we provide various online courses that bring all your staff and dedicated team members up to speed on the international standard.
The online training we currently provide for ISO/IEC 27001:2022 includes:
- ISO/IEC 27001:2022 Information Security Management Transition Course: ideal for delegates who have experience with an ISMS and need an update on the clauses and controls that changed in the 2022 revision.
- ISO/IEC 27001:2022 Information Security Management Awareness Course: awareness training is ideal if your delegates lack foundational knowledge of an ISMS and international standards.
- ISO/IEC 27001:2022 Internal Auditing Course: internal auditing training ensures your dedicated team is able to audit your ISMS and produce a plan for improving it.
- ISO/IEC 27001:2022 ISMS Implementation Course: implementation training ensures that your dedicated team of implementers are able to implement an ISMS and set up all the processes and procedures necessary for compliance with local and international laws and regulations.
While an ISMS may not align perfectly with every DORA requirement, our experts can help you implement the necessary systems to ensure compliance. Do not wait until January 2025 to start preparing for DORA.
Have any questions about ISO/IEC 27001:2022 ISMS online training? Contact one of our experts on 012 644 0142 or email us at admin@wwise.co.za today.