Finance

Risk management, security and privacy within financial institutions

Financial institutions and larger organizations face an increasing administrative burden to comply with many standards, and information security and data privacy are a particular challenge. How digitally resilient are we as an organization? How do we remain compliant? As an executive, do I have sufficient insight into my digital risks? And are we working on the right priorities? Perium gives you quick, clear answers to these questions.

In addition to legal requirements such as those of the AVG, financial institutions must also comply with information security standards. Whether this is based on the DNB Good Practice IB or on ISO27001/ISO27002, there is a lot involved. You need to set up an Information Security Management System (ISMS) and take the right control measures to bring digital risks down to an acceptable level. Perium helps you set up, organize and maintain all relevant matters. In this way, you remain demonstrably in control and optimize your digital resilience.

Of course, besides digital risks, you also want to get and keep a grip on other risks. Think of financial, market, operational, process or project risks, which are usually registered in an Excel file and spread throughout the organization. Perium offers one source and thus an integral overview and grip on all your risks.

DORA

DORA came into force in early 2023. DORA stands for "Digital Operational Resilience Act" and is the new European regulation intended to increase the digital resilience of the financial industry. The regulation is mandatory for all financial companies. With DORA, the European Commission has three main goals in mind:

  • Harmonize the fragmented rules regarding digital resilience in the EU.
  • Create a basic framework for financial organizations for which there is no regulation yet.
  • Better mitigate the risks of the financial sector outsourcing to critical digital third-party service providers.

DORA imposes requirements on financial organizations regarding: IT risk management, IT incidents, periodic testing of digital resilience, and the management of risks in critical outsourcing to third parties.

A number of articles of the DORA are still being further specified through Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS). The first set of standards is almost final and the second set is expected during 2024. As soon as these standards are published, they will become available in Perium.

If you are already DNB proof or ISO27001 certified, you will want to know how DORA relates to, for example, the DNB Good Practice IB and/or ISO27001/27002. Perium maps this out and provides insight so that you can efficiently reuse what is already in place. This avoids duplicate work and helps you prepare in time.

Companies have until December 2024 to comply with the regulations. As of January 2025, the rules must be implemented in every organization. AFM and DNB are expected to jointly monitor compliance with the regulation.

ISQM1

ISQM1 (International Standard on Quality Management) will be the new international quality management standard for firms performing audits or reviews of a company's financial statements as of December 2022. Following a number of audit problems, including at large companies, and given the constantly changing financial sector, the standard is intended to improve audit quality. This will also strengthen public confidence in the profession.

The ISQM1 focuses on quality management and contains 43 requirements (or management measures) that the firm must meet. The standard requires the firm to adopt a risk-based approach so that it ensures the quality of the engagements it performs. The Perium platform offers the complete risk management process, including the control measures and a robust PDCA cycle, so that firms can efficiently and demonstrably implement the ISQM1.

ISMS, PIMS or QMS?

The ISMS (Information Security Management System) drives your information security activities. It ensures a continuous improvement process using the PDCA cycle. Besides the ISMS (ISO27001), Perium also includes other relevant management systems, such as the PIMS (Privacy Information Management System) and the QMS (Quality Management System), the quality system according to ISO9001.

If you are facing the challenge of taking information security to the next level while also being compliant with the AVG/GDPR, our platform also covers the principles of the AVG/GDPR. In combination with, for example, the ISO27001/27002 standard or the DNB Good Practice IB, you thus create one environment with an ISMS and/or PIMS for improving information security and data privacy. With the help of the PDCA cycle in Perium you become, and remain, demonstrably in control.
