Compliance: DORA

Digital resilience for the financial sector

Years of experience in data security combine with independent certifications and regular checks on all security measures to make netfiles a reliable partner for the financial sector. We give you:

  • High security and availability

  • Development and hosting activities and company headquarters in Germany alone

  • Certified and audited data storage in full compliance with data protection legislation

  • Full compliance with the DORA requirements placed on ICT service providers

What is DORA?

The Digital Rights Resilience Act (DORA), also known as regulation (EU) 2022/2554, came into force on January 17, 2025. Its objective is to strengthen cyber-resilience in the financial sector and protect the industry from growing threats.

In a single EU regulation, DORA brings together a variety of requirements designed to reinforce cybersecurity and minimize risks around information and communication technology (ICT). By implementing these prescriptions, the financial sector should become more resilient in the face of ICT-related disruptions and be able to react more quickly to cyber-attacks.

Who is affected?

Banks, insurance companies, investment firms and payment service providers – indeed virtually all institutions and companies in the European financial sector – are affected by DORA, as are their ICT providers. By implication, this means that netfiles too must comply with the requirements of DORA.

What do companies have to do?

To comply with DORA, players in the financial sector must ensure that data and files are exchanged securely – especially when dealing with external parties. This involves measures to minimize risks (such as data leaks and data manipulation) and to safeguard the integrity and confidentiality of sensitive information. Some of the requirements that DORA places on companies – and on service providers such as netfiles – include:

  • risk management

  • identification of vulnerabilities, risks and dependencies

  • failsafe performance testing

  • emergency backup plans and business continuity

  • ICT risk management for third parties

  • documentation and exchange of information

  • reporting of incidents

netfiles meets the following requirements


Governance and management

netfiles GmbH has established a comprehensive risk management system that meets the requirements of ISO 22301, allowing the company to be successfully certified. As a result, we are not only able to identify and assess potential risks, but have also developed robust plans and procedures to minimize such risks or, in the event that a given risk materializes, to deal with it effectively.


Regular security checks

netfiles data rooms are subjected to regular security tests performed by SySS GmbH, a specialist for security checks and penetration tests.


Cyber-risk management

netfiles’ comprehensive framework of preventive measures – such as real-time monitoring, vulnerability analysis, penetration tests and security guidelines – guarantees robust digital resilience.


Employee training

Regular training systematically instructs all staff on what to do in the event of a disaster/emergency and in response to cyber-risks. This firm foundation underpins netfiles’ security strategy.


Disaster recovery

Given an identical infrastructure and hardware plus mirrored data, a georedundant cold standby data center can very quickly assume all the tasks of the primary data center to ensure that netfiles’ services continue to run. This disaster recovery procedure is certified in accordance with ISO 22301.


Data protection

Pursuant to the strict rules of the EU’s General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG), netfiles is required to protect personal data. We enable you to work in full compliance with the GDPR and deliver maximum security for the processing of personal information.


Certifications

Independent institutions confirm the high standard of netfiles’ comprehensive security measures. We are certified in accordance with ISO/IEC 27001:2013, ISO 22301:2019 and SOC 2. We also meet all requirements for the security of cloud services and are certified in accordance with the Cloud Computing Compliance Criteria Catalogue (C5) promulgated by Germany’s Federal Office for Information Security (BSI).

Regular penetration tests are also performed independently, further confirming our high security standards. Go here for more information about our certifications.

Compliance

No-gaps implementation of regulatory requirements

netfiles supports companies as they implement central regulatory requirements, laying the foundation for fully compliant data exchange in sensitive contexts. For legal provisions such as the GDPR, NIS-2, DORA and for industry-specific requirements, there is no difference: Certified in accordance with ISO/IEC 27001:2013 and ISO 22301:2019, our data rooms satisfy the very strictest requirements in terms of confidentiality, integrity and availability.

Data is encrypted both at rest and in transit. Access controls can be configured at a very granular level. And audit-proof documentation of all activities is guaranteed. Taken together, these measures ensure that your sensitive data is fully protected – and audit-proof – at all times.
