Articles tagged with: ISO 27001

ISO 27001 and DORA: how to align information security, ICT risk and operational resilience

ISO 27001 and DORA alignment guide

ISO 27001 and DORA: how to align information security, ICT risk and operational resilience

ISO/IEC 27001 does not replace DORA, but it can provide a solid foundation for organising Information Security, ICT risk management, continuity, documented evidence and supplier oversight.

⏱️ Estimated reading time: 5 minutes

Information Security is no longer only a technical responsibility. Today, it is also a priority for management, compliance, business continuity and digital trust.

With DORA, financial entities and many of their service providers face more demanding requirements for ICT risk, incidents, digital operational resilience testing and third-party management. In this context, ISO/IEC 27001 becomes particularly relevant because it offers a recognised framework for organising policies, responsibilities, controls, evidence and continual improvement.

For organisations and professionals, understanding the connection between ISO 27001 and DORA can be a strategic advantage.

NIS2 and ISO/IEC 27001: the same obligation or two different requirements?

Cybersecurity obligations and requirements

NIS2 and ISO/IEC 27001: the same obligation or two different requirements?

NIS2 and ISO/IEC 27001 share a common vocabulary: risk, controls, incidents, responsibilities. But they do not have the same nature or the same purpose. Treating one as a substitute for the other is one of the most frequent misunderstandings, with practical consequences for organisations and professionals.

⏱️ Estimated reading time: 6 minutes

The entry into force of NIS2 reinforced an idea that many organisations already knew, but did not always treat with the necessary priority: cybersecurity is no longer merely a technical concern and has become a requirement of governance, risk management, operational continuity and management accountability.At the same time, many entities already had, or are preparing, information security management systems based on ISO/IEC 27001. This raises a frequent question:Is complying with ISO/IEC 27001 the same as complying with NIS2?The answer is clear: no. NIS2 and ISO/IEC 27001 are not the same obligation. But they are deeply related.