
DNB Good Practice Information Security

Information security in the financial sector

Attention to information security in the financial sector was already important and is now becoming increasingly relevant. For years, the Dutch Central Bank (DNB) has based its supervision on the Good Practice Information Security (Cobit-'light').

As of Jan. 17, 2025, the European Digital Operational Resilience Act (DORA) is the legal framework for operational resilience. For the institutions within the scope of DORA, it replaces the current Good Practice Information Security 2023 as the oversight framework. This means banks and insurers must adapt to more stringent operational resilience and cybersecurity requirements. DORA emphasizes strengthening resilience to digital threats and ensuring the continuity of critical services. For banks and insurers, this means an intensified focus on risk management, incident reporting and cooperation with regulators. Until Jan. 17, 2025, Good Practice still applies and institutions will need to focus on compliance in addition to preparing for DORA.

DNB's role in monitoring and reporting

DNB regularly reports to the financial sector on the status of IS (Information Security) within pension funds and insurers. As a reminder: in the IB Monitor, DNB shows the current status, provides insight into the relevant risks (threat analysis) and gives an outlook on supervision. The last update of the IB Monitor dates from December 2021, yet the insights from this report remain relevant, especially in light of new regulations such as DORA and NIS2. ARC People helps a significant number of banks, insurers, pension funds and Payment Service Providers (PSP) with issues on this topic, from both the risk management perspective and the internal audit perspective.

Discover the latest insights

Curious about the latest insights? Read our recent blog or download our full whitepaper for free. In it we delve deeper into the IB Monitor and supplement where necessary with more recent publications. We also discuss the new outlook and the impact of recent regulations such as DORA and NIS2 on the Dutch financial sector.

Learn more about Information Security DNB

Are you interested in more information on this topic? Then please contact Carlo Bavius or Toine van den Hurk. We are ready to answer your questions and help you further.

Our expert team, with years of experience, is ready to support you and offer personalized advice tailored to your specific situation. We strive to respond to your inquiries as quickly as possible so that you are always helped promptly.

Carlo Bavius

RO RE CIA CRISC CRMA - Associate Partner

06-40050555

Toine van den Hurk

Senior Manager of IT Audit & Risk

06-41773152