Home > Security Center > DORA
DORA
Learn how we comply with the Digital Operational Resilience Act (DORA)
The Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”) entered into force on 16 January 2023 and applies as of 17 January 2025.
Oneflow stores and process data for customers defined as a Financial Entity under DORA who uses Oneflow as a non-critical ICT third-party service provider.
Oneflow and DORA
In our work with DORA, we make sure to have a DORA appendix available to all our customers affected by DORA, and of course that we as a company have adjusted our business operations to comply with the requirements applicable to us as a non-critical ICT third-party service provider.
Oneflow complies with appropriate information security standards regarding availability, authenticity, integrity and confidentiality concerning the protection of data, including personal data, relevant for delivery of the service.
Implementing appropriate security measures is important to us and a significant part of our business includes keeping up to date with information security standards and legislation. We have proactive measures in place through e.g. encryption, backup and impact assessments. Read more in the Oneflow Security center.
Oneflow is ISO27001, ISO9001 and ISO14001 certified. Read more about our certifications here.
Locations of data storage and processing
This list serves to provide our customers with information on the locations, namely the regions or countries, where the contracted or subcontracted functions and ICT services are to be provided and where data is to be processed, including the storage location as required by Article 30.2 (b) DORA.
Service and supplier | Optional | Location | Reference |
---|---|---|---|
AWS (Amazon Web Services, Inc.) Primary cloud services provider. | No | EU (Ireland, Sweden) | Compliance |
Pusher (MessageBird B.V.) Real-time communications. | No | EU (Ireland) | Security center |
46elks (46 Elks AB) SMS services provider. | Yes | EU (Sweden) | Data protection Policy |
Freshdesk (Freshworks Inc.) Service to manage support inquiries. | Yes | EU (Germany) | Security center |
Postmark (ActiveCampaign, LLC) Transactional email service. | Yes | US | Security center |
Customer.io (Peaberry Software, Inc.) Onboarding e-mails and flows. | Yes | EU | Security center |
Legly (Legly AB) AI Services to review contractual data | Yes | EU (Germany) | Privacy Statement |
You can opt-in/out from the services listed as optional above as an administrator in your Oneflow account under “Data Management” or in the Marketplace.