I am a compliance specialist in payment services and, in light of the upcoming DORA EU legislation, I thought I might get an ISO certification. Am I correct that I need 27001? What type of certification do I need?
I’m assuming that by DORA you mean the Digital Operational Resilience Act.
Considering that, DORA’s purpose is to strengthen the financial sector’s resilience to ICT-related incidents, and although not mandatory for DORA, ISO 27001 can provide a robust baseline to support compliance with this objective.
Regarding personal certifications, you can consider:
ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and, with this, it provides more confidence to an organization that is being certified).
These articles will provide you with a further explanation of ISO 27001 personnel certifications: