top of page

News & Updates

Sign up to be the first to be informed of our news & updates

 

Join our mailing list

Never miss an update

Search

The EU has introduced a new regulation aimed at bolstering the digital operational resilience of financial entities operating within its borders. Known as the Digital Operational Resilience Act (DORA), this comprehensive framework establishes a set of rigorous information security and operational resilience requirements that financial firms must adhere to.


At its core, DORA mandates that financial institutions implement robust risk management frameworks, governance policies, and security strategies to identify, assess, and mitigate risks associated with their information and communication technology (ICT) systems. This includes conducting regular independent audits, implementing incident response and business continuity plans, also monitoring and testing ICT systems and security controls.


One of the key focus areas of DORA is third-party risk management. Financial entities must have a robust framework in place to identify, assess, and manage risks associated with their third-party service providers, ensuring that their partners adhere to the same high standards of digital operational resilience.


Additionally, DORA sets specific requirements for the use of cryptographic techniques, endpoint device security, and information sharing among financial institutions and regulatory authorities. Firms must also conduct regular digital operational resilience testing, including scenario-based testing and threat intelligence gathering, to assess their ability to withstand and recover from potential cyber threats and operational disruptions.


By establishing these comprehensive information security and operational resilience requirements, DORA aims to enhance the overall digital resilience of the financial sector in the European Union, safeguarding financial institutions and their customers from the ever-evolving cyber threats and operational risks that can disrupt critical financial services.


As financial firms navigate the complexities of DORA implementation, they must prioritise the development of robust governance frameworks, risk management strategies, and operational resilience capabilities to ensure compliance and protect their digital assets and operations from potential threats.


Fortis Cyber has the skillset and expertise to support organisations in getting ready for compliance. Time flies, and this regulation comes into effect in January 2025, so get your ducks in a row now.

9 views0 comments

What is TISAX?


The automotive industry deals with numerous business-critical assets and confidential data particularly in relation to R&D, design data, technology, and prototypes. In order to systematically safeguard that information, TISAX (Trusted Information Security Assessment Exchange) was developed to help the industry adopt a robust standardised approach to information security management systems and build trust and assurance throughout the supply chain.


The ENX Association, made up of motor manufacturers, suppliers, and national automotive associations, maintains the framework of criteria that defines the required information security management system (ISMS) standards for TISAX. TISAX then enables companies to share their information security assessment results with other participants and potential business partners.





Why get TISAX?


The requirements for TISAX are very closely aligned to ISO/IEC 27001, but also cover additional industry-specific requirements for data protection, supply chain security and prototype protection.

TISAX certification provides assurance that partners are operating to defined standards and best practice, and although not mandatory, it is generally regarded as a precondition to doing business within the European automotive industry.


Therefore, if your company wants to be recognised as a potential supplier or partner for Original Equipment Manufacturers (OEMs) and major car marques, it is essential to go through the TISAX assessment process.


Benefits of TISAX:


· Enables your organisation to systematically secure confidential and business-critical data and effectively manage and mitigate risk.

· Demonstrates your commitment to maintaining best practice security standards and builds confidence and trust in your business.

· Identifies your business as a potential partner throughout the international automotive industry and provides a competitive advantage over companies that do not have the TISAX standard.

· Provides a robust framework to help your organisation manage its regulatory and legal requirements and maintain compliance.

· Delivers efficiencies and promotes easier collaboration between suppliers and manufacturers by eliminating duplication of tasks.


Types of TISAX assessment:


There are 3 basic TISAX Assessment Levels, in addition to optional prototype protection and data protection checks.


· Assessment Level 1: Self-assessment questionnaire.

· Assessment Level 2: Review of self-assessment questionnaire by accredited independent external auditor, remote plausibility check and interview.

· Assessment Level 3: Verification of self-assessment questionnaire by accredited independent external auditor, comprehensive on-site inspection, and interview.


Fortis deliver a wide range of TISAX consultancy services that help organisations to:


· Understand the TISAX assessment requirements, establish which Assessment Level is appropriate for the business and define the scope.

· Carry out a full gap analysis and recommend corrective actions.

· Optimise the existing ISMS to bring it up to the required standard.

· Plan and implement a fully integrated ISMS.

· Ensure ongoing maintenance and assurance of the TISAX framework during the three-year re-certification cycle.


Get in touch to find out more about how we can support your business with TISAX compliance.

8 views0 comments

Updated: Sep 5, 2023

The Cyber Advisor Scheme is a collaboration between the National Cyber Security Centre (NCSC) and IASME to ensure that organisations providing Cyber Essentials consultancy and support meet certain standards of expertise and trustworthiness.

The primary focus of Cyber Advisors is to assist organisations in implementing the five Cyber Essentials Technical Controls. This particular service is referred to as Cyber Advisor (Cyber Essentials) to distinguish it from potential future assured Cyber Advisors who will support small organizations in other areas of cybersecurity.

The adoption of the Cyber Essentials standard stems from the NCSC's recognition of its effectiveness as a fundamental baseline for defending against various commonly encountered cyber attacks, including ransomware attacks.

Cyber Advisors (Cyber Essentials) are well-equipped to help organizations evaluate the disparity between their existing cybersecurity posture and the level achieved by implementing the Cyber Essentials technical controls. This service is tailored specifically for small and medium-sized organisations, and the Advisors have undergone assessments not only to validate their technical expertise but also to ensure their ability to work effectively with small organizations. Fortis Cyber being awarded Cyber Advisor (Cyber Essentials) status means that they have been recognized as a trusted provider of Cyber Essentials consultancy and support. This designation indicates that Fortis Cyber has met the requirements set by the NCSC and IASME and can offer expert advice and guidance regarding Cyber Essentials.

By choosing Fortis Cyber as your provider, you can have confidence that you are in good hands and can expect knowledgeable and reliable assistance in implementing and maintaining Cyber Essentials practices. It's always important to work with reputable and accredited organisations when it comes to cybersecurity, and Fortis Cyber's Cyber Advisor status demonstrates their commitment to delivering high-quality services in this field.

280 views0 comments
bottom of page