NIS2 — what the directive requires and how security maps to it
NIS2 (Directive (EU) 2022/2555) requires essential and important entities across the EU to implement risk-management measures and report significant incidents within tightly defined deadlines. Compliance is treated as a programme — governance, supply-chain security, technical controls, incident reporting, and accountability at management level — not a one-time certificate.
DORA — financial-services digital operational resilience explained
DORA (Digital Operational Resilience Act, Regulation (EU) 2022/2554) requires EU financial entities to implement an ICT risk-management framework, classify and report ICT-related incidents, run digital operational resilience testing, and govern third-party ICT service providers — including critical providers designated by the European Supervisory Authorities.
ISO 27001 — supplier vetting and information-security controls
ISO/IEC 27001:2022 organises supplier-relationship security around four controls (A.5.19 to A.5.22) covering information security in supplier relationships, information-security clauses in agreements, supply-chain security, and monitoring/review of supplier services. Auditors look for documented assessment, clause coverage, monitoring evidence, and a current relationship inventory.
GDPR — security obligations for personal-data handling in security operations
GDPR (Regulation (EU) 2016/679) requires controllers and processors of personal data to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. For security operators handling visitor logs, CCTV, screening, and incident records, GDPR is a routine compliance overlay — not a side concern.