Skip to content

DORA

Learn how we comply with the Digital Operational Resilience Act (DORA)

ISO - Oneflow ISO - Oneflow

The Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”) entered into force on 16 January 2023 and applies as of 17 January 2025.

Oneflow stores and process data for customers defined as a Financial Entity under DORA who uses Oneflow as a non-critical ICT third-party service provider.

Oneflow and DORA

In our work with DORA, we make sure to have a DORA appendix available to all our customers affected by DORA, and of course that we as a company have adjusted our business operations to comply with the requirements applicable to us as a non-critical ICT third-party service provider.

Oneflow complies with appropriate information security standards regarding availability, authenticity, integrity and confidentiality concerning the protection of data, including personal data, relevant for delivery of the service.

Implementing appropriate security measures is important to us and a significant part of our business includes keeping up to date with information security standards and legislation. We have proactive measures in place through e.g. encryption, backup and impact assessments. Read more in the Oneflow Security center.

Oneflow is ISO27001, ISO9001 and ISO14001 certified. Read more about our certifications here.

Locations of data storage and processing

This list serves to provide our customers with information on the locations, namely the regions or countries, where the contracted or subcontracted functions and ICT services are to be provided and where data is to be processed, including the storage location as required by Article 30.2 (b) DORA.

Service and supplierOptionalLocationReference
AWS (Amazon Web Services, Inc.)
Primary cloud services provider.
NoEU (Ireland, Sweden)Compliance
Pusher (MessageBird B.V.)
Real-time communications.
NoEU (Ireland)Security center
46elks (46 Elks AB)
SMS services provider.
YesEU (Sweden)Data protection Policy
Freshdesk (Freshworks Inc.)
Service to manage support inquiries.
YesEU (Germany)Security center
Postmark (ActiveCampaign, LLC)
Transactional email service.
YesUSSecurity center
Customer.io (Peaberry Software, Inc.)
Onboarding e-mails and flows.
YesEUSecurity center
Legly (Legly AB)
AI Services to review contractual data
YesEU (Germany)Privacy Statement

You can opt-in/out from the services listed as optional above as an administrator in your Oneflow account under “Data Management” or in the Marketplace.

More from Oneflow

oneflow awards
One platform. All departments

Create, sign and manage any type of agreement you can think of

Oneflow raises 20 million
Why Oneflow

Six reasons why teams around the world love the magic of flow