Risk management, security and privacy within financial institutions

Financial institutions and larger organizations face a growing administrative burden in complying with many standards, especially in the areas of information security and data privacy. How digitally resilient are we as an organization? How do we stay compliant? As an executive, do I have sufficient insight into my digital risks? Are we working on the right priorities? Perium gives you quick and clear answers to these questions.


In addition to the legal requirements of the AVG (the Dutch name for the GDPR), financial institutions must also comply with information security standards. Whether this is based on the DNB Good Practice IB (Information Security) or on ISO 27001/27002, a lot is involved: you need to set up an Information Security Management System (ISMS) and implement the right controls to reduce digital risks to an acceptable level. Perium helps you set up, organize and maintain everything that is relevant, so that you remain demonstrably in control and strengthen your digital resilience.

Besides digital risks, you also want to get and keep a grip on your other risks: financial, market, operational, process or project risks, which are usually kept in Excel files scattered across the organization. Perium offers a single source and thus an integrated overview of, and grip on, all your risks.


DORA, the Digital Operational Resilience Act (Regulation (EU) 2022/2554), entered into force in January 2023. It is the European regulation intended to increase the digital resilience of the financial sector and is mandatory for all financial entities within its scope. With DORA, the European Commission has three main goals:

  • Harmonize the fragmented rules regarding digital resilience in the EU.

  • Create a basic framework for financial organizations for which no regulation exists yet.

  • Better mitigate the risks of outsourcing by the financial sector to critical third-party ICT service providers.

DORA imposes requirements on financial entities regarding ICT risk management, ICT-related incident management and reporting, periodic testing of digital operational resilience, and managing the risks of critical outsourcing to third-party ICT service providers.

If you are already DNB-proof or ISO 27001 certified, you will want to know how DORA relates to, for example, the DNB Good Practice IB and/or ISO 27001/27002. Perium maps this relationship and provides insight so that you can reuse what is already in place. This avoids double work and ensures you are prepared in time.

Financial entities must comply by 17 January 2025, the date from which DORA applies; from then on the rules must be implemented in every organization in scope.

In the Netherlands, the AFM and DNB are expected to jointly supervise compliance with the regulation.


ISQM 1 (International Standard on Quality Management 1) is the new international quality management standard for firms performing audits or reviews of financial statements, effective 15 December 2022. Following a number of audit failures, including at large companies, and in a constantly changing financial sector, the standard is intended to improve audit quality and thereby strengthen public confidence in the profession.

ISQM 1 focuses on quality management and contains 43 requirements (control measures) that the firm must meet. The standard requires a risk-based approach, so that the firm ensures the quality of the engagements it performs. The Perium platform offers the complete risk management process, including the control measures and a robust PDCA (Plan-Do-Check-Act) cycle, so that firms can implement ISQM 1 efficiently and demonstrably.


The ISMS (Information Security Management System) drives your information security activities and ensures continuous improvement through the PDCA cycle. Besides the ISMS (ISO 27001), Perium also includes other relevant management systems, such as a PIMS (Privacy Information Management System) or a QMS (Quality Management System), the quality system according to ISO 9001.

Are you facing the challenge of taking information security to the next level while also complying with the AVG/GDPR? Our platform also covers the principles of the AVG/GDPR. Combined with, for example, ISO 27001/27002 or the DNB Good Practice IB, you create one environment with an ISMS and/or PIMS for improving information security and data privacy. With the help of the PDCA cycle in Perium, you get, and stay, demonstrably in control.

Getting started quickly and easily

Try our free, no-obligation trial version and you will immediately notice that the platform works intuitively. We offer templates you can use right away.

Many risks and measures have already been identified: Perium has prepared these risks and standards for you, so there is no need to reinvent the wheel. Does your organization have specific risks of its own? You can add them in a minute.

Once you get going, you keep going. Your organization's resilience improves every day thanks to the built-in improvement cycle.


Why Perium?

Perium allows you to easily set up and manage your ISMS and PIMS. It also includes all relevant digital risks and the control measures of, among others, the DNB Good Practice IB and ISO 27002. A smart wizard gets you started quickly and lets you create your own customized internal control framework in Perium. Using the PDCA cycle, the platform ensures that the right actions are triggered at the right time for the right person. Control and transparency improve visibly fast.

With the Perium platform, you get: