{"id":1179,"date":"2025-12-15T18:32:21","date_gmt":"2025-12-15T15:32:21","guid":{"rendered":"https:\/\/isocerthub.com\/?p=1179"},"modified":"2025-12-15T18:45:57","modified_gmt":"2025-12-15T15:45:57","slug":"kak-standarty-iso-22301-i-27035-pomogayut-sootvetstvovat-trebovaniyam-dora","status":"publish","type":"post","link":"https:\/\/isocerthub.com\/en\/kak-standarty-iso-22301-i-27035-pomogayut-sootvetstvovat-trebovaniyam-dora\/","title":{"rendered":"How ISO 22301 and ISO 27035 help meet DORA requirements"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"1179\" class=\"elementor elementor-1179\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-659db77a e-flex e-con-boxed e-con e-parent\" data-id=\"659db77a\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cc28ce4 elementor-widget elementor-widget-text-editor\" data-id=\"cc28ce4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>Companies in Kazakhstan, Uzbekistan, Georgia, and Kyrgyzstan are increasingly working with European banks, fintech partners, and marketplaces\u2014which means they are facing DORA\u2019s requirements for digital operational resilience. The good news is that you don\u2019t need to reinvent the wheel to align with DORA. Two practical standards\u2014ISO 22301 and ISO\/IEC 27035\u2014cover much of what the regulator expects through clear processes and defined roles.<\/p>\n<!-- \/wp:paragraph --><!-- wp:heading -->\n<h2 class=\"wp-block-heading\">What DORA expects from businesses\u2014in plain language<\/h2>\n<!-- \/wp:heading --><!-- wp:paragraph -->\n<p>DORA (the Digital Operational Resilience Act) focuses not on \u201cpaper security,\u201d but on a company\u2019s ability to withstand IT outages and cyber incidents, recover quickly, and manage risks across its suppliers. 
In practice, they typically check whether you:<\/p>\n<!-- \/wp:paragraph --><!-- wp:list -->\n<ul class=\"wp-block-list\"><!-- wp:list-item -->\n<li>have a controlled model for ICT risk management and business continuity;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>can detect, classify, and investigate incidents;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>run tests and exercises;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>oversee critical suppliers (cloud providers, outsourcing vendors, data centers).<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list --><!-- wp:paragraph -->\n<p>If you think of a business as an airline, DORA wants to see not only seat belts (policies), but also crew training, checklists, black boxes, and regular aircraft inspections.<\/p>\n<!-- \/wp:paragraph --><!-- wp:heading -->\n<h2 class=\"wp-block-heading\">ISO 22301: the backbone of business continuity for DORA compliance<\/h2>\n<!-- \/wp:heading --><!-- wp:paragraph -->\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignright wp-image-1183 size-medium\" src=\"http:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-300x200.webp\" alt=\"DORA, incidents and risks\" width=\"300\" height=\"200\" srcset=\"https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-300x200.webp 300w, https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-1024x683.webp 1024w, https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-768x512.webp 768w, https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-18x12.webp 18w, https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks-930x620.webp 930w, https:\/\/isocerthub.com\/wp-content\/uploads\/2025\/12\/dora-incidents-risks.webp 1536w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>ISO 22301 builds a Business 
Continuity Management System (BCMS): from risk analysis and BIA to recovery plans and regular exercises. This directly helps meet DORA\u2019s expectations for resilience and service recovery.<\/p>\n<!-- \/wp:paragraph --><!-- wp:paragraph -->\n<p>Before implementing procedures, it\u2019s important to define exactly what you are protecting and how much downtime is acceptable. In ISO 22301, this is formalized through key artifacts:<\/p>\n<!-- \/wp:paragraph --><!-- wp:list -->\n<ul class=\"wp-block-list\"><!-- wp:list-item -->\n<li>BIA (Business Impact Analysis): which processes are critical, what dependencies exist (people, IT, suppliers), and what the impact of downtime is;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>RTO\/RPO: target recovery time and the maximum acceptable data loss;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>continuity strategies: redundancy, alternative sites, manual workarounds;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>response and recovery plans: who does what, in what sequence, and how to communicate with customers and partners;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>exercises and tests: so the plan works in real life, not just in a slide deck.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list --><!-- wp:paragraph -->\n<p>After that, you have a structured foundation for business continuity training\u2014and for demonstrating maturity to partners and auditors.<\/p>\n<!-- \/wp:paragraph --><!-- wp:paragraph -->\n<p>Learn more about the standard\u2019s structure and practical <a href=\"https:\/\/isocerthub.com\/en\/iso-223012019\/\">use here<\/a>.<\/p>\n<!-- \/wp:paragraph --><!-- wp:heading -->\n<h2 class=\"wp-block-heading\">ISO\/IEC 27035: bringing order to cyber incident response<\/h2>\n<!-- \/wp:heading --><!-- wp:paragraph -->\n<p>If ISO 22301 answers the question \u201chow do we keep operating when everything breaks,\u201d then ISO\/IEC 27035 answers \u201chow do we handle 
an incident properly and learn from it.\u201d This is critical for DORA because the regulator expects discipline: detection \u2192 assessment \u2192 response \u2192 recovery \u2192 improvement.<\/p>\n<!-- \/wp:paragraph --><!-- wp:paragraph -->\n<p>The standard helps build an information security incident management system where there\u2019s no chaos of chats and calls to \u201csomeone in IT,\u201d but instead clear roles, criteria, and metrics. Such a system typically includes:<\/p>\n<!-- \/wp:paragraph --><!-- wp:list -->\n<ul class=\"wp-block-list\"><!-- wp:list-item -->\n<li>rules for detecting and logging events (SOC\/logging\/service desk);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>classification and prioritization (what counts as a serious incident);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>response scenarios (ransomware, data leak, account compromise, DDoS);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>communications and escalation (management, legal, PR, partners);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>post-incident review: root causes, lessons learned, corrective actions.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list --><!-- wp:paragraph -->\n<p>And yes\u2014this is the kind of incident management that saves money and nerves: the faster you contain the issue, the less downtime and reputational damage you face.<\/p>\n<!-- \/wp:paragraph --><!-- wp:paragraph -->\n<p>ISO\/IEC 27035 implementation in practice: <a href=\"https:\/\/isocerthub.com\/en\/iso-iec-27035-effektivnoye-upravleniye-intsidentami-informatsionnoy-bezopasnosti-s-too-sistem-menedzhment\/\">more details here<\/a>.<\/p>\n<!-- \/wp:paragraph --><!-- wp:heading -->\n<h2 class=\"wp-block-heading\">How ISO 22301 and ISO 27035 together help meet DORA\u2019s key operational resilience requirements<\/h2>\n<!-- \/wp:heading --><!-- wp:paragraph -->\n<p>Individually, each standard is strong\u2014but together they create a powerful 
\u201cresilience + response\u201d combination:<\/p>\n<!-- \/wp:paragraph --><!-- wp:list -->\n<ul class=\"wp-block-list\"><!-- wp:list-item -->\n<li>ISO 22301 defines critical services, acceptable downtime, and recovery scenarios.<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>ISO\/IEC 27035 provides the mechanism for responding to cyber incidents, which often triggers business continuity plans.<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>DORA requires regular readiness checks\u2014both standards rely on exercises, tests, and a continuous improvement cycle.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list --><!-- wp:paragraph -->\n<p>After implementation, the company gains a \u201ccommon language\u201d across business, IT, and security\u2014and fewer situations where one team sees an incident as \u201cminor,\u201d while another is already losing customers.<\/p>\n<!-- \/wp:paragraph --><!-- wp:heading -->\n<h2 class=\"wp-block-heading\">A quick implementation plan for companies in the region<\/h2>\n<!-- \/wp:heading --><!-- wp:paragraph -->\n<p>To avoid drowning in documentation, start pragmatically. 
The System Management team usually recommends this route:<\/p>\n<!-- \/wp:paragraph --><!-- wp:list -->\n<ul class=\"wp-block-list\"><!-- wp:list-item -->\n<li>run a short gap analysis against DORA and your current practices;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>map critical services and dependencies (BIA, RTO\/RPO);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>launch an incident response process: roles, classification, playbooks;<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>link incident response to recovery plans (who triggers BCP\/DR and when);<\/li>\n<!-- \/wp:list-item --><!-- wp:list-item -->\n<li>run a tabletop exercise and document improvements.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list --><!-- wp:paragraph -->\n<p>This delivers fast results: even a single well-run exercise often reveals bottlenecks better than months of discussion.<\/p>\n<!-- \/wp:paragraph --><!-- wp:paragraph -->\n<p>If you work with EU financial partners or want to prepare in advance for customer and auditor requests, System Management can help set up the processes, deliver training, and build the evidence base for assessment.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Companies in Kazakhstan, Uzbekistan, Georgia, and Kyrgyzstan are increasingly working with European banks, fintech partners, and marketplaces, which means they are facing DORA\u2019s requirements for digital resilience. The good news: you don\u2019t need to reinvent the wheel to get along with DORA. Two practical standards, ISO 22301 and ISO\/IEC 27035, cover most of the regulator\u2019s expectations through clear processes and&hellip;&nbsp;<a href=\"https:\/\/isocerthub.com\/en\/kak-standarty-iso-22301-i-27035-pomogayut-sootvetstvovat-trebovaniyam-dora\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">How ISO 22301 and ISO 27035 help meet DORA 
requirements<\/span><\/a><\/p>","protected":false},"author":2,"featured_media":1182,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[12],"tags":[],"class_list":["post-1179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-12"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/comments?post=1179"}],"version-history":[{"count":4,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1179\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1179\/revisions\/1187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/media\/1182"}],"wp:attachment":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/media?parent=1179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/categories?post=1179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/ta
gs?post=1179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}