ISO 27001 and DORA: how to align information security, ICT risk and operational resilience

ISO 27001 and DORA alignment guide

ISO 27001 and DORA: how to align information security, ICT risk and operational resilience

ISO/IEC 27001 does not replace DORA, but it can provide a solid foundation for organising Information Security, ICT risk management, continuity, documented evidence and supplier oversight.

⏱️ Estimated reading time: 5 minutes

Information Security is no longer only a technical responsibility. Today, it is also a priority for management, compliance, business continuity and digital trust.

With DORA, financial entities and many of their service providers face more demanding requirements for ICT risk, incidents, digital operational resilience testing and third-party management. In this context, ISO/IEC 27001 becomes particularly relevant because it offers a recognised framework for organising policies, responsibilities, controls, evidence and continual improvement.

For organisations and professionals, understanding the connection between ISO 27001 and DORA can be a strategic advantage.

Regulation 756/2026: what changes in cybersecurity in Portugal and how to prepare your organisation

Cybersecurity Regulation 256_2026

Regulation 756/2026: what is changing in cybersecurity in Portugal and how to prepare your company

Regulation No. 756/2026 implements the new Legal Framework for Cybersecurity in Portugal and turns cybersecurity into a demonstrable responsibility of governance, risk, evidence, incident response and operational resilience.

⏱️ Estimated reading time: 4 minutes

Regulation No. 756/2026, of 22 June, has been published, implementing the new Legal Framework for Cybersecurity in Portugal. This regulation operationalises several obligations provided for in Decree-Law No. 125/2025, the legal instrument that transposed the NIS2 Directive into Portuguese law.

For companies, the message is clear: cybersecurity is no longer only a technical topic. It is becoming a demonstrable responsibility of governance, risk, evidence, incident response and operational resilience.

Cybersecurity in 2026: why digital risk is no longer just an IT responsibility

Cybersecurity in 2026

Cybersecurity in 2026: why digital risk is no longer just an IT responsibility

Cybersecurity is no longer just a technical issue. In 2026, it is also a matter of governance, risk management, compliance, operational continuity, evidence and team readiness.

That is why discussing cybersecurity in 2026 means discussing digital risk, compliance, operational resilience and the ability to demonstrate evidence.

⏱️ Estimated reading time: 7 minutes

“`For years, cybersecurity was treated as an essentially technical matter. The focus was on firewalls, antivirus, access management, backups, tools, systems and IT teams.

All of this remains essential. But it is no longer enough.

NIS2 and ISO/IEC 27001: the same obligation or two different requirements?

Cybersecurity obligations and requirements

NIS2 and ISO/IEC 27001: the same obligation or two different requirements?

NIS2 and ISO/IEC 27001 share a common vocabulary: risk, controls, incidents, responsibilities. But they do not have the same nature or the same purpose. Treating one as a substitute for the other is one of the most frequent misunderstandings, with practical consequences for organisations and professionals.

⏱️ Estimated reading time: 6 minutes

The entry into force of NIS2 reinforced an idea that many organisations already knew, but did not always treat with the necessary priority: cybersecurity is no longer merely a technical concern and has become a requirement of governance, risk management, operational continuity and management accountability.At the same time, many entities already had, or are preparing, information security management systems based on ISO/IEC 27001. This raises a frequent question:Is complying with ISO/IEC 27001 the same as complying with NIS2?The answer is clear: no. NIS2 and ISO/IEC 27001 are not the same obligation. But they are deeply related.

Frameworks vs Regulations: what do you really need to implement?

Frameworks vs Regulations_eng

Frameworks & Regulations • Article

Frameworks vs Regulations: what to implement and why

⏱️ Estimated reading time: 8 minutes

Frameworks vs regulations is one of the most common questions for organisations that need to improve maturity, meet legal obligations and avoid duplicated compliance work.

Frameworks vs regulations: comparison between best practices and legal requirements

In a world saturated with standards, frameworks, directives and regulations, many organisations face the same question:
After all, what should we implement? ISO/IEC 27001? NIST? NIS 2? DORA? Everything?