14 January 2025 Blog Information Security Privacy & Personal Data SaaS Private Sector

A Reliable DORA-Compliant Partner for Output and Document Management

Although it has been known about for years, DORA supervision begins on 17th January 2025. The Digital Operational Resilience Act (DORA) is set to shake up the EU financial industry, and this article explains what the legislation means for financial institutions and their suppliers.

The rapid and operationally necessary digitalisation that occurred due to the COVID-19 pandemic had many benefits for financial services companies. Hastily implemented digital transformation initiatives made financial institutions more agile, accessible and competitive. However, increased digitalisation and interconnectedness also exposed the sector to cyber threats. In response, the European Union is introducing DORA.

What is DORA?

DORA addresses the gap in EU financial regulation that failed to account for all aspects of operational resilience, particularly those relating to ICT. DORA’s core focus is incident management—the legislation mandates that “financial entities shall define, establish and implement an ICT-related incident management process to detect, manage and notify ICT-related incidents.” 

On 17th January 2025, financial institutions will be legally required to follow strict guidelines relating to ICT-related incidents. This includes measures covering the following:

  • Protection
  • Detection
  • Containment
  • Recovery
  • Repair

The regulation targets ICT risks by introducing rules for risk management, third-party risk management, digital operational resilience testing, incident reporting, information sharing and oversight of critical third-party providers. 

What does DORA mean for financial institutions and their suppliers?

DORA directly applies to more than 22,000 financial services companies and ICT service providers operating within the EU and the infrastructure supporting them from outside the EU. The regulation also indirectly applies to the financial institutions’ digital suppliers, as it mandates operational resilience throughout the digital supply chain.

In a recent episode of Formpipe’s podcast, Beyond The Document, Ben Saxton sat down with Rupert Bull, CEO and co-founder of The Disruption House. The pair discussed the aims behind the EU’s DORA regulation and its impact on financial institutions and their suppliers. Here are some of the main takeaways from their insightful discussion:

Improving operational resilience

DORA shines a light on the complexity of financial institutions’ ICT supply chain, emphasising the need to understand and actively manage the risks associated with their suppliers. This requires proactive assessments of suppliers’ ICT risk, incident response capabilities and overall operational resilience, making sure they can withstand disruptions.

The legislation changes the dynamic for regulated institutions and their suppliers, requiring ongoing monitoring. Rupert explained how The Disruption House can help financial institutions and suppliers with this. The organisation delivers operational resilience insights through deep assessments and advanced analytics, essentially acting as a diagnostic tool to identify business areas requiring improvement to increase resilience.

Rupert explained that the company’s operational resilience reports offer their customers relative context through benchmarks, demonstrating that if you’re not getting better, you’re getting worse. “The world is different from what it was a year ago,” Rupert said. That’s why the company's data-driven operational resilience reports aren’t just about de-risking but also knowing what to change to stay competitive. Ben said it best when he said, “With anything in business but also in life, you’re better off knowing about problems, so you can go and do something about it.” 

Suppliers will go under the microscope

Ben and Rupert also discussed how DORA brings a new level of scrutiny to the suppliers of the 22,000 financial institutions impacted by the legislation. To ensure compliance, financial institutions must dig deeper and have more extensive knowledge of their suppliers' ICT environments to reduce risk. 

As a result, suppliers will be required to provide detailed information not only about their own ICT environments but also their own supply chains, allowing financial institutions to manage fourth-party risk. 

How will this affect suppliers' operations? Rupert made the point that if suppliers aren’t prepared, DORA could slow down their sales cycles, extending what used to take six months to nine due to more rigorous due diligence. While it introduces heightened scrutiny, embracing DORA allows suppliers to be prepared to prove their operational resilience to buyers.

Embracing DORA has tangible benefits

Ben and Rupert agreed that embracing DORA has benefits for financial institutions and their suppliers, with both identifying reliability and reputation as key advantages. While DORA is a compliance matter, the legislation ultimately helps build stronger relationships between financial institutions, suppliers and their customers. 

During the conversation, Ben made a good point about the benefits of DORA beyond regulatory compliance: “Why would you not want your organisation to be resilient?” It’s a question that highlights the inherent value of operational resilience, regardless of your organisation’s legal obligations.

Beyond individual organisations, the collaborative approach to operational resilience mandated by DORA paves the way for a more secure and sustainable future for the EU financial services sector as a whole.

DORA meets ESG

During his conversation with Rupert about DORA’s implications, Ben brought up the ESG angle. While DORA and ESG might seem like separate concerns on the outside, when you look closer, you'll find that they're more intertwined than you might expect. To start with, both emphasise responsible business practices and good governance.

The pair also discussed the Corporate Sustainability Reporting Directive (CSRD), which comes into effect in January, when financial institutions must prioritise sustainability to meet not only regulatory requirements but also buyer expectations. This directive requires companies to disclose detailed information about their environmental and social impact to increase transparency and accountability in the sector. At Formpipe, we look forward to disclosing our 2024 ESG performance later this year.

Rupert noted that some financial institutions are using ESG performance as a supplementary risk indicator when it comes to allocating credit, with one bank finding that its SME customers with poor ESG scores were twice as likely to be in arrears on their loan repayments as those with a good ESG score, even when all other risk factors were the same.

“They concluded that the reason was those with a good ESG score were better run businesses,” Rupert said. This suggests that companies with strong ESG performance are more reliable and resilient, making them better partners in the context of DORA.

DORA: Reliability and reputation

At its core, DORA is about reliability and reputation for financial institutions. It’s not about ticking boxes but building trust and confidence with your customers and regulators. Beyond avoiding regulatory penalties, DORA compliance allows you to demonstrate your operational resilience and show those with vested interests in your organisation that you’re addressing possible risks and are prepared to handle any disruptions that come your way.

Choosing DORA-compliant partners shows you’re committed to maintaining operational resilience for a more secure financial ecosystem. It's a proactive step that not only aligns with sound business practices but also helps you avoid potential compliance headaches down the line.

Formpipe: Your DORA-compliant output and document management partner

At Formpipe, we’ve worked hard to ensure everything we do aligns with relevant regulations (and as those in the financial sector are well aware, these regulations are numerous and highly complex). Our efforts in e-invoicing show our commitment to helping our banking and ERP customers trade paper invoices for e-invoices before the directive comes into law across the EU.

This commitment to regulatory compliance is ingrained in everything we do as an organisation. Because Formpipe is a DORA-compliant and ISO 27001-certified company, financial institutions can work with us with the confidence that they aren’t in for any unwelcome surprises. Our output and document management software won’t give you any operational or resilience problems down the line. In fact, it’ll allow your organisation to become more resilient, with complete control of its business-critical data and documentation.

 

Partner with an industry-leading, DORA-compliant output and document management software company to generate, distribute, archive and retrieve beautiful documents.