© 2024 ALSO Cloud Marketplace
At a Glance
Mastering the DORA Directive
The Digital Operational Resilience Act (DORA), effective January 17, 2025, will transform how financial institutions and their tech providers manage cybersecurity, ensuring they can withstand and recover from cyber threats. DORA mandates strict guidelines for ICT risk management, incident reporting, operational resilience testing, third-party risk management, and information sharing to safeguard against ICT-related incidents.
Join our focused webinar series to simplify the Digital Operational Resilience Act (DORA). Designed for financial sector professionals—CISOs, IT leaders, compliance officers, and cybersecurity experts—this series gives you the knowledge and tools to meet regulatory requirements and boost your organization’s resilience. Each 90-minute session covers key aspects of the directive, offering practical strategies, insights, and resources to help you stay compliant and strengthen your cybersecurity.
Start preparing for NIS2 with ALSO partners now!
Microsoft:
QS solutions:
ALSO
Cybersecurity Assessments with CSAT
NIS2 Objectives and Principles
NIS2 mapping to CIS cybersecurity framework and vice versa
Quick look at the deliverables of the CSAT assessments
CSAT assessment process
Trained partners & ALSO programs (where CSAT is visible)
How to get a CSAT assessment
Introduction to NIS2
Impacted sector, implications, measures and alignment with Microsoft technology.
Not Sure Which Microsoft Solutions Your Customers Need for NIS2 or DORA?
Request a call back and we will help you identify the right tools and technologies to support your customers’ compliance.
Webinar 2: Introduction to the Concepts and Requirements of DORA Directive
17.04.2025
10:00-12:00 CET
English (online)
Tobias
Webinar 3: ICT-related Risk and Incident Management in DORA Directive
24.04.2025
10:00-12:00 CET
English (online)
Tobias
Webinar 4: ICT Third-Party Risk Management and Information Sharing in DORA Directive
30.04.2025
NEW TIME: 14:00-16:00 CET
English (online)
Tobias
Webinar 5: Review and Continual Improvement in DORA Directive
07.05.2025
10:00-12:00 CET
English (online)
Tobias
(a) policies on risk analysis and information system security;
(b) incident handling;
(c) business continuity, such as backup management and disaster recovery, and crisis management;
(d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
(f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
(g) basic cyber hygiene practices and cybersecurity training;
(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
(i) human resources security, access control policies and asset management;
(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
NIS2 (EU Directive 2022/2555)
Cybersecurity requirements now cover over 18 critical sectors, focusing on enhanced risk management, incident reporting, supply chain security, and executive accountability. Enforcement is by Member States, with alignment since October 17, 2024. Microsoft offers guidance—like MFA and incident management—and shows how Security + Purview can assist.
CRA — Cyber Resilience Act (Regulation (EU) 2024/2847)
A product-centric law requiring secure-by-design and secure-by-default principles for all products with digital elements—including hardware, software, and IoT—has been enacted and is effective as of December 10, 2024. Obligations for vulnerability reporting commence on September 11, 2026, while comprehensive requirements including CE marking take effect from December 11, 2027. The Commission has issued FAQs and guidance to clarify lifecycle security, procedures for vulnerability management, conformity assessment processes, and the timeline for harmonized standards.
DORA (Regulation (EU) 2022/2554)
Effective January 17, 2025, EU financial entities and their ICT providers must comply with standardized ICT risk management, incident reporting, resilience testing (including TLPT), and third-party risk oversight. Microsoft Ireland Operations Ltd. is recognised as a Critical Third-Party Provider under ESA supervision. Microsoft's Trust Center offers tools and frameworks to help cloud operations and third-party risk align with DORA requirements.
Compliance x Chorus SOC
Additionally, if you don’t have the internal capacity to monitor, detect and respond to incidents, you would need to outsource this to third parties. We have a partnership with Chorus SOC.
Compliance x QS Solution
ALSO is one of Europe’s leading technology providers, active in 28 countries and reaching 143 countries via PaaS partners, connecting 120,000+ resellers with 700+ vendors across 1,450+ product categories.
M365 Business Premium
Compliance
Complement MS Security
Webinars
Customer Enablement
It is also recommended to use the regulation assessments in Compliance Manager in the Microsoft Purview portal and Regulatory Compliance in Defender for Cloud.