09 — Regulatory Compliance

NIS2 / DORA / ISO 27001

European legislation is changing the rules. NIS2, DORA and ISO 27001 are not just checklists — they are legal obligations with fines for non-compliance. We will help you achieve and maintain compliance.

NIS2 & DORA
EU regulation with fines
ISO 27001
ISMS certification
Slovak ZKB
Act No. 69/2018 Coll.
What's Included

A Complete Path to Regulatory Compliance

From the initial GAP analysis to the certification audit — we guide you through the full process of achieving and maintaining compliance with NIS2, DORA, ZKB and ISO 27001.

GAP Analysis of Current State
In-depth assessment of current security posture against NIS2, DORA, ZKB or ISO 27001 requirements — identifying specific gaps and prioritising remediation actions.
Risk Assessment & Risk Matrix
Systematic identification, analysis and evaluation of the organisation's information risks — risk matrix with likelihood, impact and planned remediation for each risk.
Security Policy Documentation
Creating a complete set of security policies and guidelines — ISMS policy, information classification, acceptable use policy, password policy and other mandatory documents.
Technical Implementation of Measures
Implementation of specific technical security measures required by regulation — in collaboration with our IT team or as consultancy for your internal team.
Incident Response Plan
Drafting a formal incident response plan including notification obligations under NIS2 (24h/72h) and DORA — with defined roles, responsibilities and communication procedures.
Business Continuity Plan
Business continuity and incident recovery plan — BIA analysis, RTO/RPO definition, critical system recovery plan and regular exercises per ISO 22301.
Internal Audit
Conducting an internal ISMS audit per ISO 27001 requirements — verifying the effectiveness of implemented controls, identifying non-conformities and providing recommendations for management review.
Employee Training & Awareness
Security training for all employees — phishing awareness, safe data handling, incident reporting — with testing and records of completed training.
Representation before the Regulator
Representing the organisation in communications with NBÚ, NBS or another sectoral regulator — preparing submissions for registration, notifications and responses to queries.
Cybersecurity Status Report
Regular cybersecurity status reports for the organisation's management — regulatory compliance, implementation status, incidents and next steps.
Certification Audit (ISO 27001)
Support in preparing for the ISO 27001 certification audit — pre-certification review, non-conformity resolution, coordination with an accredited certification body and on-site audit support.
Ongoing Compliance Monitoring
Continuous monitoring of regulatory changes and their impact on the organisation — documentation updates, periodic reviews and maintaining compliance over time.
Who It's For

Who Needs Compliance Advisory

  • ZKB essential and important entities required to comply with Act No. 69/2018 Coll.
  • Financial institutions subject to DORA — banks, insurers, asset managers
  • Companies pursuing ISO 27001 certification as a competitive advantage or customer requirement
  • Suppliers to regulated sectors where customers require demonstrated security compliance
  • Organisations facing an upcoming NBÚ or sectoral regulator audit without prepared documentation
  • Companies after a security incident required to implement regulator-mandated remediation measures
Problems We Solve

What Regulatory Non-Compliance Means

  • NBÚ fine for NIS2/ZKB non-compliance — up to EUR 10M or 2% of global turnover for essential entities
  • Customer or partner requires ISO 27001 certificate — without it the contract is at risk
  • An NBÚ audit under the ZKB identified critical gaps and set a remediation deadline that is approaching
  • Security incident without a formal response plan — the regulator finds that the 24h notification obligation was not met
  • Missing ISMS documentation — certification audit fails in the first stage without a basic policy set
  • DORA ICT risk management requirement — financial institution without a documented process
Legislative Framework

Three Regulations, One Integrated Approach

NIS2, DORA and ISO 27001 complement each other — a well-designed ISMS covers the requirements of all three. Our approach maximises synergy and minimises duplicated effort.

NIS2
Directive (EU) 2022/2555
Transposed into Slovak law as Act No. 69/2018 Coll. (ZKB). Essential entities face fines up to EUR 10M, important entities up to EUR 7M. Applies to energy, transport, healthcare, digital infrastructure and other sectors.
DORA
Regulation (EU) 2022/2554
Digital Operational Resilience Act in force from January 2025 for the entire EU financial sector. Requires ICT risk management, resilience testing, third-party management and mandatory incident reporting to the regulator.
ISO 27001
ISO/IEC 27001:2022
International standard for information security management systems (ISMS). Certification demonstrates to customers and partners a systematic approach to security — an increasingly common contract requirement.

Find Out Where You Stand Against NIS2, DORA and ISO 27001

We start with a free GAP analysis — in a single session we identify critical gaps and propose a realistic compliance roadmap.