DORA for ICT suppliers: what do you need to know?


The Digital Operational Resilience Act (DORA) is a European regulation that has been in effect since Jan. 17, 2025 and aims to increase the digital resilience of financial institutions.

This legislation sets requirements for the security of network and information systems so that they can withstand disruptions and cyber attacks. Although DORA is aimed primarily at financial institutions, it also has significant implications for IT vendors who provide their services to these institutions.

Impact on IT vendors

DORA applies to a wide range of ICT services provided by ICT suppliers to financial institutions within the EU. These include Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), software, cybersecurity services, data center services, data analytics services and managed services such as network management. Even digital doorbells, thermometers and card payment terminals can qualify as ICT services under DORA.

Obligations for IT vendors

At all times, a financial institution is responsible for complying with and monitoring its obligations under DORA. Financial institutions will therefore contact their existing and potential ICT suppliers to ensure their compliance with information security standards.

ICT vendors can expect the following topics to be addressed:

  • Risk assessment and due diligence: Before contracting, the financial institution should conduct due diligence to ensure that the IT vendor is suitable and meets information security standards.
  • Continuity and resilience: Assessment of the IT vendor's risk management and business continuity measures to ensure the operational resilience of the financial institution.
  • Subcontractors: Requests from the financial institution for information on the IT vendor's use of subcontractors.

DORA introduces new requirements and contractual adjustments that ICT suppliers must implement to support their customers in increasing their digital resilience. It is essential for ICT suppliers to be aware of these obligations and take proactive measures to meet the requirements of DORA.

At Analyst ICT, we have prepared ourselves by ensuring that we comply with ISO 27001, NEN 7510 and ISO 9001 standards. We would be happy to discuss with you what this all means and how we have arranged it. Superlogic right?
