DORA Regulation and ISO Management Systems: a GRC approach

06 Aug 2025 07:00 AM - By itSMF Staff

Reading time: ~ 2 min.


The Digital Operational Resilience Act (DORA) Regulation

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector entered into force on 16 January 2023 and applies to EU financial service providers.

The Digital Operational Resilience Act (commonly known as DORA) amends the following regulations:

  • (EC) No 1060/2009, commonly known as «Credit Rating Agencies»;
  • (EU) No 648/2012, commonly known as «EMIR», OTC derivatives;
  • (EU) No 600/2014, commonly known as «MIFIR», Markets in Financial Instruments;
  • (EU) No 909/2014, commonly known as «CSDR»;
  • (EU) 2016/1011, commonly known as «Benchmark Regulation».

The requirements of digital resilience and security set by DORA

The Digital Operational Resilience Act (DORA) defines a set of requirements to ensure both digital resilience and security especially in the following chapters:

  • 📘 I. General Provisions
  • 📘 II. ICT Risk Management
  • 📘 III. ICT Related Incident Management Process
  • 📘 IV. Digital operational resilience test
  • 📘 V. Managing of ICT third-party risk
  • 📘 VI. Information sharing arrangements

To manage these requirements, we can adopt – as usual – our GRC approach. These are the relevant ISO standards we can rely on:

  • ISO 38500 (Governance)
  • ISO 31000 (Risk Management)
  • ISO 37301 (Compliance)

The GRC approach provides a useful basis for addressing and integrating the main aspects of:

  • ISO 22301 (Resilience and business continuity)
  • ISO 27001 (Information security)
  • ISO 20000-1 (ICT services, such as asset and configuration management, threats and vulnerabilities)
  • ISO 27035 (incident and problem management)
  • backup and disaster recovery, etc.

Our infographic on the applicable ISO standards

To better figure out the «big picture» of the DORA regulation and the ISO Management Systems according to the suggested GRC approach, take a look at this infographic:

By Andrea Leonardi (Minerva Group Service, Alpemi Consulting & itSMF Switzerland board member).
If you want to keep yourself up to date with the most recent news on this topic, don't forget to subscribe to our newsletter: you will get a monthly update with the most relevant and valuable content from our experts!
