How ISO/IEC 27001:2022 ISMS Supports DORA - WWise ISO e-Learning



    As more sectors prioritise cybersecurity and the protection of sensitive information, new regulations are constantly emerging. In 2023, the European Union adopted the Digital Operational Resilience Act (DORA), aimed at enhancing ICT risk management across the financial sector.

    But how can organisations implement the new DORA framework, and can this framework be aligned with ISO standards?

    What is an ISO/IEC 27001:2022 ISMS?

    ISO/IEC 27001:2022 is the international standard for implementing an Information Security Management System (ISMS). An ISMS helps organisations stay aligned with local and international laws and regulations and safeguard personal information.

    What is DORA?

    The Digital Operational Resilience Act (DORA) is a European Union regulation that provides a comprehensive ICT risk management framework for the financial sector. It officially applies from 17 January 2025.

    DORA was created to strengthen the cyber resilience of financial entities against ICT-related threats, attacks, and disruptions. The financial sector handles vast amounts of sensitive data and is constantly under threat of attack by cybercriminals.

    Key Principles of DORA

    Although the core of DORA is risk management, this can be broken down into smaller steps to implement, including:

    ICT Risk Management: Organisations will have to implement a comprehensive risk assessment framework to identify, assess, and manage ICT risks.

    ICT Incident Reporting: Organisations will be responsible for implementing robust mechanisms for reporting ICT-related incidents.

    Digital Operational Resilience Testing: Financial organisations will be required to test regularly to ensure preparedness against disruptions.

    Third-Party Risk Management: Financial organisations will be responsible for managing risks associated with third-party ICT service providers.

    Can an ISO/IEC 27001:2022 ISMS Simplify DORA Compliance?

    Absolutely! ISO/IEC 27001:2022 gives organisations the structure to implement systems that support your ability to comply with DORA, as both DORA and an ISMS take a risk-based approach. However, conforming to ISO/IEC 27001:2022 alone does not automatically make you compliant with DORA; it has the potential to make compliance easier and quicker.

    When implementing an ISMS, organisations can account for DORA from the start by noting DORA as a relevant legal and contractual requirement. DORA compliance is possible through an ISMS because of the flexible approach of the international standard. The biggest catch, however, is that you will have to implement your ISMS with DORA in mind from the start.

    DORA does not match an ISMS perfectly and has additional requirements such as penetration testing. An ISMS has no explicit requirement for penetration testing, but it can be added as an additional control.

    How can WWISE Support Your Organisation's DORA Compliance?

    Although we do not currently offer training for DORA, we do offer various ISO/IEC 27001:2022 ISMS training courses, and our experts are able to align the international standard with the new DORA framework.

    If your organisation is approaching DORA by implementing an ISMS, we provide various online courses that bring all your staff and dedicated team members up to speed on the international standard.

    Online training we currently provide for ISO/IEC 27001:2022 includes:

    While an ISMS may not align perfectly with all DORA requirements, our experts can help you implement the necessary systems to ensure compliance. Do not wait until 2025 to comply with DORA.

    Have any questions about ISO/IEC 27001:2022 ISMS online training? Contact one of our experts on 012 644 0142 or email us at admin@wwise.co.za today.