Frequently Asked Questions

Everything you need to know about ComplyShield, EU & US compliance frameworks, and how we can help your organisation.

General

The Digital Operational Resilience Act (DORA) is an EU regulation that requires financial entities to strengthen their ICT risk management, incident reporting, and third-party oversight. It applies to banks, insurance companies, investment firms, and their critical ICT service providers.
NIS2 is the EU's updated Network and Information Security Directive. While DORA focuses specifically on financial services, NIS2 covers essential and important entities across multiple sectors. ComplyShield helps you manage compliance for both frameworks simultaneously.
ComplyShield is built for banks, insurance companies, investment firms, and their ICT service providers who need to comply with DORA and NIS2. It's especially suited for mid-size institutions that need enterprise-grade compliance without a large consulting budget.
Absolutely. Fill in the form on our contact page and our team will schedule a personalized walkthrough tailored to your organization's needs.

US Compliance

Yes. ComplyShield supports NIST CSF 2.0, SEC Cybersecurity Rules, NYDFS 23 NYCRR 500, and SOX IT Controls alongside EU frameworks. You can enable multiple frameworks simultaneously.
When a material cybersecurity incident occurs, the SEC requires an 8-K filing within 4 business days. ComplyShield tracks this deadline and helps generate the required disclosure.
Absolutely. ComplyShield is multi-framework by design. You select which frameworks apply to your organization during setup, and the platform loads the relevant compliance articles, deadlines, and reporting requirements.
It's the New York Department of Financial Services cybersecurity regulation requiring financial institutions to maintain a cybersecurity program, incident response plan, and third-party security policies. ComplyShield maps these requirements to controls you can track and evidence.

Technical

Most organizations are up and running within days. ComplyShield comes pre-configured with DORA's 5 pillars, all compliance articles, and ESA reporting templates. You just need to add your organization's specific data.
ComplyShield is a single-tenant solution deployed on your own infrastructure — your data never leaves your environment. We support two-factor authentication, role-based access control, and full audit logging.
ComplyShield is a cloud-hosted platform where each client gets their own dedicated instance with full data isolation. We manage the infrastructure so you can focus on compliance — no servers to maintain, no updates to install.
Yes. ComplyShield supports 9 integration categories including Jira, Splunk, Azure AD SSO, SecurityScorecard, AWS/Azure/GCP asset discovery, and more. The driver-based architecture makes it easy to add credentials and activate integrations.

Compliance

Yes. ComplyShield exports the complete DORA Register of Information across all 15 ESA templates (B_01.01 through B_99.01), including intra-group arrangements and branch reporting, in XBRL-CSV format with built-in validation. You can also generate board-level PDF reports and risk committee exports.
Yes. ICT Risk Management, Incident Management, Digital Operational Resilience Testing, Third-Party Risk Management, and Information Sharing — all five pillars are fully covered with dedicated modules.
You can register ICT third-party providers, track contracts, send self-service risk assessment questionnaires (vendors fill them out via a public link), monitor vendor scores, and flag concentration risks — all from the Vendor module.
ComplyShield supports both DORA and NIS2 incident classification. NIS2 incidents are classified by sector-specific criteria and tracked through the same timeline and reporting workflow as DORA incidents.

Deployment

ComplyShield is a cloud-hosted SaaS platform with a single-tenant architecture, available in both EU and US regions. Each client gets their own dedicated instance and database — your data is never shared or co-mingled with other clients. We handle all infrastructure, updates, and security patches.
ComplyShield runs on PHP 8.3+ with PostgreSQL 17 (or MySQL 8.4). It requires a standard web server (Nginx/Apache), approximately 2GB RAM, and can run on any Linux server, Docker, or cloud VM.
Yes. ComplyShield can be deployed in EU or US regions depending on your data residency requirements. The platform supports global compliance frameworks and can be configured for organisations operating across multiple jurisdictions.
Yes. ComplyShield provides CSV import for ICT assets and a REST API for programmatic data migration. Our team can help plan and execute a migration from your current compliance tool.
