11.02.2025

netfiles data rooms and DORA compliance

DORA is currently on everyone's lips. This is because financial companies and their ICT service providers must fully comply with the requirements of the Digital Operational Resilience Act (DORA) by January 17, 2025. The European Union's corresponding Regulation (EU) 2022/2554 aims to strengthen the digital security and resilience of the financial sector and also includes requirements for the secure exchange of information. netfiles consistently supports you in complying with many DORA requirements through extensive security measures and certifications. Data protection and data security are extremely important to us, and not just since DORA.

What is DORA and who does it affect?
DORA brings together, in one EU regulation, various requirements for strengthening cyber security and minimizing information and communication technology (ICT) risk. These requirements cover risk management, incident handling and reporting, testing/penetration testing, management and monitoring of third-party service providers, information sharing and emergency drills. By implementing these requirements, the financial sector is expected to become more resilient to ICT-related disruptions and threats and to be able to respond more quickly to cyber attacks.

Almost all institutions and companies in the European financial sector such as banks, insurance companies, investment firms or payment service providers as well as their ICT service providers are affected by DORA.

Data protection and data security at netfiles
In order to achieve DORA compliance, financial players must also ensure security when exchanging data and files – especially with external parties. This includes measures that minimize risks such as data leaks or data manipulation and ensure the integrity and confidentiality of sensitive information.

netfiles supports you in complying with many DORA requirements through extensive security measures and certifications. Here are a few examples:

  • Governance and management: netfiles GmbH has been successfully certified by implementing a comprehensive risk management system that meets the requirements of ISO 22301. This means that we have not only identified and assessed potential risks, but also developed robust plans and procedures to mitigate them or manage them effectively should they occur.

  • Regular security auditing: The netfiles application is regularly subjected to rigorous security testing by SySS GmbH, the specialists in security auditing and penetration testing.

  • Cyber risk management: With a comprehensive framework of preventative measures – such as real-time monitoring, vulnerability analysis, penetration testing and security policies – netfiles ensures robust digital resilience.

  • Employee training: Regular training sessions, where all employees are systematically instructed in emergency procedures and cyber risks, form the foundation of the netfiles security strategy.

  • Disaster recovery: A geo-redundant cold standby data center can take over all tasks of the primary data center within a very short time using an identical infrastructure and hardware, as well as mirrored data, and ensure the continuous operation of the netfiles service. Disaster recovery is certified in accordance with ISO 22301.

  • Data protection: For the protection of personal data, netfiles is subject to the strict regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We guarantee GDPR compliance and maximum security when processing personal information.

  • Certifications: Our comprehensive security measures have been independently confirmed: netfiles has been successfully certified by German technical service provider TÜV in accordance with ISO/IEC 27001:2013 and ISO 22301:2019 and by auditors in accordance with SOC 2. We also meet the requirements for the security of cloud services, as evidenced by the C5 certificate from the German Federal Office for Information Security (BSI).

Our many years of experience in the field of data security, independent certifications and regular reviews of all security measures make netfiles a reliable partner for the financial sector too.

Further information
All information on our security measures can be found on our website. And if you have any questions, our sales team will be happy to advise you.