In recent years, the world of IT has been under attack. Data is worth more than gold, and malicious actors are doing their best to steal or kidnap data to extort money. We have seen major impacts from such attacks affecting society, to the extent of risking lives. Because of this, the European Parliament has spent the last couple of years working to strengthen cyber resiliency and minimize the risks for the region. This climate change in IT is creating the perfect compliance storm within the EU; that is my forecast of what is coming.
The introduction of all the directives (NIS2, CER, and DORA) signifies a paradigm shift toward more proactive risk management. The European Parliament’s commitment to ensuring a safer, more resilient Europe is clear. The regulations demand heightened cyber resilience and include non-compliance penalties. They signify a clear intent to safeguard critical and digital infrastructure. And compliance is essential for organizations operating in the EU. So what are the directives?
Maybe your organization has gone through all the new regulations and directives that are on their way, and you found your organization not in scope for these requirements. Should you just sit back and relax?
There is a reason for these requirements to exist: attacks will happen, major incidents will occur, and no one will check whether you are in scope before they attack you. Ask yourself whether your organization would survive a 60-day downtime of your IT services; it is not uncommon for recovery to take that long. Cyber resilience is good for your business; it is your lifeboat.
As a first step, you may start following the legislative process within the country in which you operate.
Check scoping: will you be affected? What are the exact requirements?
Make sure you understand whether your organization will be affected by the regulation. Start analyzing the impact on your business now so you understand the requirements and how to become compliant.
Are you a financial institution in scope for DORA? Make sure you start an internal project for DORA compliance as early as possible, beginning with scoping, gap analysis, process validation, and reporting validation. Ensure your organization understands what the requirements will be and what you need to do.
Veritas can help with many of the requirements set out in the directive. We have supported compliance within the financial sector for decades, and we have the experience, solutions, and certifications that you would expect from such an important vendor. Do not hesitate to involve us in your projects. We can help you check the boxes on important requirements for your organization's cyber resilience.