Need a reminder? Read what DORA is and what this IT law means here.
'We expect to have everything in place by November 2024,' says IT lawyer Rutger. 'The Service Level Agreement (SLA) is still in the making, but we already have a draft contract ready. In addition, there are still some practical, operational matters to be taken care of. We understand that customers are impatient because of the DORA deadline on January 17, 2025. But I want to emphasize that they need not worry. We are leading the market in terms of DORA compliance.'
'Last week, Jilles, ANVA's Information Security Officer and my colleague on the DORA team, attended a seminar of the Automation Contact Group and industry organization NLdigital,' Rutger says. 'He hoped to get confirmation that with regard to DORA we had not overlooked anything. There it became clear that ANVA has everything in excellent order with the new agreement. That was great to hear.
'DORA first came on my radar in 2021,' says Rutger. 'That's when DORA appeared in the media, and financial institutions realized that action was needed. My expertise is in contract and privacy law, while Arie specializes in compliance and financial supervisory law.' DORA expert Arie: "Rutger asked me to work together on this project. We have worked together before and share a pragmatic and results-oriented approach. This allowed us, together with Jilles, to smoothly put everything on paper.'
'The Association of Insurers developed an addendum for DORA compliance,' Arie explains. 'We used this as a checklist to compare our current contract with the DORA rules.' Rutger adds, 'Our contract on ANVA 4/5 is not compliant for current cloud solutions and the future ANVA 6.' Also, the Netherlands ICT terms and conditions have been replaced by the NLdigital terms and conditions. Therefore, we are revising everything for a future-proof documentation set.'
'Customers need not worry; we lead the market in DORA compliance'
'With a new standard contract for all customers, ANVA avoids receiving multiple DORA contracts,' says Arie. 'This saves time and costs, and ANVA can tailor the contract to its specific services and maintain control over its IT contracts. As a lawyer, I support both IT service providers and FinTech companies in the implementation of DORA, so I understand both sides of the coin well. This results in a balanced contract.
Arie explains: 'The Data Pro Code is a code of conduct for processing personal data that has been approved by the Personal Data Authority. By adopting it verbatim in the new agreement, customers can rely on it.' Rutger adds, "The current processing agreement with customers will be dropped. Moreover, this document is future-proof in view of the gradual transition from on-premise services (ANVA 4/5) to SaaS services (ANVA 6).'
'The agreement itself consists of at most a few pages,' Rutger says. 'Together with the appendices, the document is logical, consistent and readable so that it can be understood by everyone. We worked hard to identify bottlenecks and come up with practical solutions. And with the signing of the new agreement, the old agreement will be replaced, so clients don't have to worry about canceling it on time. ANVA fully supports all its customers, they can rely on that.'
More information
Are you interested in an anonymized reading version of the agreement?
Request it here!
Read more about DORA? We've collected all the information about DORA for you here
Readthe interview with ANVA's Information Security Officer Jilles Berendsenhere
