Risk, and managing risk, is at the core of ISO 27001, DORA and NIS2.


Don’t believe me?

Guess how many times the word “risk” is mentioned in the ISO 27001:2022 standard?

57 times.

And in the NIS2 directive?

144 times.

And in the DORA regulation?

171 times.


So what?

As I said before, there might be lots (and lots and lots) of paperwork involved in ISO 27001, DORA, or NIS2 compliance.

But there’s also a lot of risk management.


What’s my point?

Don’t focus on the paperwork.

Focus on the risk management process.



An effective risk management process will ensure you identify and focus on the risks that are of most concern to your organisation.

And just as importantly, it will help explain to the person who signs the cheques why reducing these risks is worth the ‘spend’.


Need help?

If you don’t know where to start, here are a few things I prepared earlier:


Need further help?

I’m here.