Climate risk Reporting And ISO 14001
UK Businesses must report their climate risks to investors from 2021. Theannouncement by...
The Digital Operational Resilience Act (DORA) is a new regulation in the European Union that aims to strengthen the operational resilience of the financial sector against ICT-related disruptions.
The regulation came into force in January 2023. Institutions have until January 2025 to comply.
Ensuring compliance means that financial institutions will have to review their supply chains to identify risks. Suppliers seeking to win new business or retain existing contracts will need to demonstrate how they:
Suppliers who already have an information security management system that has been independently audited against an internationally recognised standard such as ISO 27001 will be in a better position to support their clients’ DORA compliance.
ISO 27001 and DORA both emphasise the importance of:
In addition, both frameworks require organisations to:
Whilst DORA is specifically designed for the financial sector, ISO 27001 is a general standard that can be applied to any organisation of any size. This means that the standard can be implemented by any organisation in the supply chain of a financial institution.
ISO 27001:2022 is the latest version of the standard and supports the DORA requirements to:
The table below captures the key DORA requirements and the corresponding, supporting clauses in ISO 27001.
A key requirement of ISO 27001 (and of all ISO management standards) is identification of the needs and expectations of interested parties (customers, investors, staff, regulators, etc). Additionally, ISO 27001 requires organisations to identify, and act upon their legal, regulatory, and contractual obligations.
Understanding your regulatory requirements and ensuring that your ISMS addresses these will support your achievement and retention of ISO 27001 certification. Being able to demonstrate how your organisation can support the DORA compliance regime will be essential in winning and retaining customers in the financial services sector.
Morton McCann helps organisations to achieve and retain the ISO certifications that will support their growth. If you’d like to discuss how to align your information security management to support DORA or other regulations, or would like to know more about ISO standards, just complete the contact form and we’ll call you back.
UK Businesses must report their climate risks to investors from 2021. Theannouncement by...
I’ve had two great customer service experiences just recently that I thought were worth sharing.
We all know that our flights cost more when we want more comfort than is offered by economy...