Compliance: DORA
Digital resilience for the financial sector
Years of experience in data security combine with independent certifications and regular checks on all security measures to make netfiles a reliable partner for the financial sector. We give you:
High security and availability
Development, hosting and company headquarters exclusively in Germany
Certified and audited data storage in full compliance with data protection legislation
Full compliance with the DORA requirements placed on ICT service providers

What is DORA?
The Digital Rights Resilience Act (DORA), also known as regulation (EU) 2022/2554, came into force on January 17, 2025. Its objective is to strengthen cyber-resilience in the financial sector and protect the industry from growing threats.
In a single EU regulation, DORA brings together a variety of requirements designed to reinforce cybersecurity and minimize risks around information and communication technology (ICT). By implementing these prescriptions, the financial sector should become more resilient in the face of ICT-related disruptions and be able to react more quickly to cyber-attacks.
Who is affected?
Banks, insurance companies, investment firms and payment service providers – indeed virtually all institutions and companies in the European financial sector – are affected by DORA, as are their ICT providers. By implication, this means that netfiles too must comply with the requirements of DORA.
What do companies have to do?
To comply with DORA, players in the financial sector must ensure that data and files are exchanged securely – especially when dealing with external parties. This involves measures to minimize risks (such as data leaks and data manipulation) and to safeguard the integrity and confidentiality of sensitive information. Some of the requirements that DORA places on companies – and on service providers such as netfiles – include:
risk management
identification of vulnerabilities, risks and dependencies
failsafe performance testing
emergency backup plans and business continuity
ICT risk management for third parties
documentation and exchange of information
reporting of incidents
netfiles meets the following requirements
Governance and management
Regular security checks
Cyber-risk management
Employee training
Disaster recovery
Data protection
Certifications
Governance and management
netfiles GmbH has established a comprehensive risk management system that meets the requirements of ISO 22301, allowing the company to be successfully certified. As a result, we are not only able to identify and assess potential risks, but have also developed robust plans and procedures to minimize such risks or, in the event that a given risk materializes, to deal with it effectively.
Regular security checks
netfiles data rooms are subjected to regular security tests performed by SySS GmbH, a specialist for security checks and penetration tests.
Cyber-risk management
netfiles’ comprehensive framework of preventive measures – such as real-time monitoring, vulnerability analysis, penetration tests and security guidelines – guarantees robust digital resilience.
Employee training
Regular training systematically instructs all staff on what to do in the event of a disaster/emergency and in response to cyber-risks. This firm foundation underpins netfiles’ security strategy.
Disaster recovery
Given an identical infrastructure and hardware plus mirrored data, a georedundant cold standby data center can very quickly assume all the tasks of the primary data center to ensure that netfiles’ services continue to run. This disaster recovery procedure is certified in accordance with ISO 22301.
Data protection
Pursuant to the strict rules of the EU’s General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG), netfiles is required to protect personal data. We enable you to work in full compliance with the GDPR and deliver maximum security for the processing of personal information.
Certifications
Independent institutions confirm the high standard of netfiles’ comprehensive security measures. We are certified in accordance with ISO/IEC 27001:2013, ISO 22301:2019 and SOC 2. We also meet all requirements for the security of cloud services and are certified in accordance with the Cloud Computing Compliance Criteria Catalogue (C5) promulgated by Germany’s Federal Office for Information Security (BSI).
Regular penetration tests are also performed independently, further confirming our high security standards.
Compliance
No-gaps implementation of regulatory requirements
netfiles supports companies as they implement central regulatory requirements, laying the foundation for fully compliant data exchange in sensitive contexts. This applies equally to legal provisions such as the GDPR, NIS-2 and DORA and to industry-specific requirements: certified in accordance with ISO/IEC 27001:2013 and ISO 22301:2019, our data rooms satisfy the very strictest requirements in terms of confidentiality, integrity and availability.
Data is both stored and transmitted in encrypted form. Access controls can be micro-managed to a very granular level. And audit-proof documentation of all activities is guaranteed. Taken together, these measures ensure that your sensitive data is fully protected – and audit-proof – at all times.