55 Degrees’ Commitment to DORA Alignment and Operational Resilience


Digital Security Imagery
Source: Camms License: CC By 4.0

At 55 Degrees, we work with financial institutions across Europe and beyond, providing non-critical ICT services that support collaboration, forecasting, and agile decision-making. While we are not a financial entity ourselves, and therefore not directly regulated under the EU's Digital Operational Resilience Act (DORA), we recognize the increasing responsibilities our customers face when managing digital risks — especially when relying on third-party providers like us.


What is DORA?


The Digital Operational Resilience Act (DORA) is a European Union regulation designed to strengthen the financial sector’s ability to withstand and recover from ICT-related disruptions. It applies to a wide range of regulated entities — including banks, insurers, asset managers, and fintechs — and requires them to assess, manage, and monitor the ICT risks posed by their vendors.


This includes ensuring that third-party service providers meet high standards for cybersecurity, incident handling, business continuity, and operational resilience. Even if a vendor isn’t classified as “critical,” regulated firms must demonstrate appropriate oversight and assurance — and that’s where we come in.


The 5 Pillars of DORA

Strategic Commitment to DORA Compliance


To further differentiate ourselves in the data security space and demonstrate our long-term commitment to our financial-sector customers, we are actively working toward full alignment with DORA as a third-party ICT service provider.


While we are not currently classified as a “critical ICT provider,” our goal is to meet or exceed the standards expected of one. We believe this commitment reflects both our values and our customers' expectations for transparency, resilience, and regulatory awareness.


Optional DORA Addendum for Customers

To make things easier for customers navigating DORA compliance, we offer an optional DORA-focused addendum to our standard customer agreement. This document outlines additional commitments that reflect the regulation’s expectations for third-party providers, including:

  • Incident reporting protocols

  • Testing and continuity support

  • Subcontractor transparency

  • Risk oversight collaboration


The addendum is available on request and can be executed during procurement, onboarding, or renewal.


DORA Alignment in Practice


Here are just some of the practices we’ve adopted to help customers meet their DORA-related obligations:

  • We maintain compliance with SOC 2 Type II, ISO/IEC 27001, and GDPR frameworks.

  • Our leadership team receives regular cybersecurity training and is engaged in risk oversight.

  • We use Vanta and InfosecIQ to deliver continuous security education to our team.

  • We maintain documented and tested incident response and business continuity plans.

  • We support customer-led audits, risk assessments, and data security reviews.

  • We can align to DORA-like incident reporting expectations under customer-specific terms.

  • We are actively assessing our internal practices against the DORA framework and plan to implement enhancements that strengthen governance, risk management, testing, and monitoring.


Commitment to Operational Resilience


Ultimately, our DORA alignment is part of a larger vision: to offer trustworthy and resilient product services that evolve alongside our customers’ regulatory landscapes. By tracking new developments like DORA — and proactively aligning with its principles — we help ensure that our products, policies, and people support your operational resilience.


Confidence in tools starts with confidence in vendors.


If you're evaluating tools for DORA-aligned teams, we’re ready to support your journey.


👉 Talk to us about how we help regulated organizations work smarter.
