Compliance with DORA & NIS2
EmailLabs, as part of the Vercom S.A. group, actively adapts its ICT (Information and Communication Technology) services to the latest European cybersecurity standards. Our goal is to ensure full compliance with key legal regulations and to support our Clients in fulfilling their own obligations in this regard. This particularly applies to:
Regulation (EU) 2022/2554 of the European Parliament and of the Council on digital operational resilience for the financial sector (DORA, the Digital Operational Resilience Act).
Directive (EU) 2022/2555 of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union (the NIS2 Directive), and the related national Act on the National Cybersecurity System.
What are DORA and NIS2?
DORA (Digital Operational Resilience Act): This is a European Union regulation aimed at strengthening the digital operational resilience of financial sector entities (such as banks, insurance companies, payment institutions) and their critical ICT service providers. DORA imposes a series of obligations on these organizations related to comprehensive ICT risk management, including identifying and classifying risks, operational resilience testing, managing and reporting ICT-related incidents, and managing third-party ICT provider risk.
NIS2 (Network and Information Security Directive 2): This is an EU directive that replaces the previous NIS directive. Its goal is to raise the overall level of cybersecurity throughout the European Union by expanding the scope of entities covered by the regulation (so-called essential and important entities) and imposing more stringent requirements on them regarding risk management, incident reporting, and supervision. It covers a wide range of sectors, including digital service providers like EmailLabs.
EmailLabs' Approach to Ensuring Compliance ("Security First")
At EmailLabs (Vercom S.A.), we implement a range of measures and maintain high standards to meet the requirements of DORA and NIS2 and to ensure the security and reliability of our services:
Compliance with International Standards: We hold certificates confirming compliance with ISO/IEC 27001 (Information Security Management), ISO 22301 (Business Continuity Management), and ISO/IEC 27018 (Protection of Personal Data in Public Clouds), which provides a solid foundation for meeting many DORA and NIS2 requirements.
Advanced Cybersecurity Risk Management: We apply a systematic approach to identifying, assessing, and mitigating threats and vulnerabilities in our systems and services.
Continuous Monitoring of Incidents and Vulnerabilities: We actively monitor our IT environment for potential threats, security incidents, and vulnerabilities so that we can respond to them quickly.
Regular Penetration Tests: Our systems undergo regular, independent penetration tests to verify their resilience against attacks.
Advanced Cryptographic Safeguards: We use strong encryption mechanisms to protect data in transit and at rest (for backups).
Access Control and Human Resources Security: We have implemented restrictive policies and procedures for controlling access to systems and data, and we ensure appropriate security training and awareness for our employees.
Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP): We maintain and regularly test plans to ensure the stability and rapid restoration of services in the event of unforeseen incidents.
Guaranteed Service Levels (SLA): We define clear parameters for the availability and reliability of our services.
Cybersecurity Training: We regularly raise the awareness and competence of our employees in the field of cybersecurity.
Annex to the Agreement Regarding DORA for the Financial Sector
Understanding the specific needs of our Clients in the financial sector who are directly subject to the DORA Regulation, and based on the guidelines of the Polish Bank Association, we have prepared a template for an annex to the EmailLabs service agreements. This allows for the quick and effective adaptation of existing agreements to DORA requirements regarding cooperation with an ICT service provider.
You can find the annex template in the section Document Templates for Clients.