Sweet Systems has for many years focused on information security. We are one of the few software companies in Sweden that are certified against the ISO 27001 standard, something we are very proud of.
Certifying a company against ISO 27001 takes time and requires a great commitment from the entire organisation. Making security awareness a part of the company’s culture is something Sweet continuously works on, both internally and together with our customers and suppliers.
Challenges in Digitalization and the Need for Increased Cybersecurity
The rapid digitalization of the past couple of decades has created fantastic technical solutions that we as individuals, companies, and society are more or less dependent on. In some cases, this has led companies to build technically very complex IT structures. The complexity of these structures, combined with the fact that criminal actors are becoming more advanced in their attacks, means that the risk from cyber threats has increased significantly.
EU and Sweden’s Legislation on Information and Cybersecurity
This is something that legislators in the EU and Sweden have focused on for a long time, and a number of laws and regulations have already been introduced to strengthen organizations’ resilience. Now two new laws, DORA and NIS2, will come into force over the next 12 months with the aim of further strengthening corporate resilience in Europe.
DORA & NIS2
DORA (Digital Operational Resilience Act) and the NIS2 Directive (Network and Information Security Directive) were initiated by the EU with a focus on information and cybersecurity. They will come into force in 2024 and early 2025, respectively. DORA focuses on operational resilience in the financial sector. NIS2 extends the original NIS Directive to cover a larger number of operations. Both of these laws affect and strengthen our security work at Sweet.
Focus on Reducing Third-Party Risk
DORA and NIS2, among other things, highlight the risk in supply chains, the so-called third-party risk. At Sweet, we continuously work to reduce our risk in all areas. We have implemented controls and tests and conduct audits of our critical suppliers. This is one of the areas that make us a secure supplier to customers in banking, finance, insurance, and public entities such as municipalities and publicly owned companies.
Sweet Systems’ Commitment to Secure Software Solutions
As a leading provider of secure software solutions, our task is to proactively minimize risks in our product development – from idea and design to final testing and release. Our products are designed, and both internally and externally tested, to meet high security requirements. This gives our customers the security and reliability they need in a digitalized world.
‘With my experience as a CIO in a bank where information and cybersecurity are central, I know how important and time-consuming this work is. This is because the bank’s requirements in the area must be set, implemented, and followed up continuously in all areas, both internally and with suppliers. Working with a supplier like Sweet, which is ISO certified and where information security is part of the culture, is very reassuring. My impression is that people working with information and cybersecurity at banks welcome DORA, as the requirements are actually written in law. However, the work to achieve regulatory compliance should not be underestimated,’ says Erik Lind, Head of Product.