JOHLEM

Last updated: February 2026

Digital Operational Resilience Act (DORA)

johlem.net is committed to operational resilience and maintains practices aligned with the EU Digital Operational Resilience Act (Regulation (EU) 2022/2554).

Our Services

johlem.net provides:

• Security Tools: Client-side processing for privacy
• Reference Materials: Security cheatsheets and documentation
• Consulting Services: Professional cybersecurity services

ICT Risk Management

Framework

We maintain an ICT risk management framework that includes:

• Regular risk assessments
• Security controls aligned with NIST SP 800-53 and OWASP
• Continuous monitoring and improvement
• Documented policies and procedures

Security Controls

• Confidentiality: HTTPS encryption, minimal data collection
• Integrity: Input validation, secure coding practices
• Availability: CDN hosting, redundancy measures

Incident Management

Reporting

Security incidents can be reported to:

• Email: security [at] johlem [dot] net
• PGP: Available at pgp-key.txt
• security.txt: /.well-known/security.txt

Response

We maintain incident response procedures including:

• Defined severity classification
• Response time commitments
• Containment and remediation processes
• Post-incident review and improvement

Business Continuity

Service Resilience

• Hosting: Global CDN with automatic failover
• Data: No database dependency, stateless architecture
• Recovery: Documented deployment procedures
• Backup: Version-controlled source code

Recovery Objectives

• RTO (Recovery Time): 4 hours for critical services
• RPO (Recovery Point): Minimal (stateless design)

Third-Party Management

Service Providers

We assess and monitor third-party ICT service providers for:

• Security certifications and compliance
• Service level agreements
• Incident response capabilities
• Data processing practices

Exit Strategy

All services are designed for portability with documented migration procedures.

Testing and Resilience

Security Testing

• Regular vulnerability assessments
• Periodic penetration testing
• Continuous security monitoring
• Code review processes

Resilience Testing

• Failover testing
• Recovery procedure validation
• Incident response exercises

Information Sharing

We participate in security information sharing through:

• Responsible disclosure program
• Security advisories
• Threat intelligence consumption

Documentation

Our operational resilience documentation includes:

• ICT risk management framework
• Incident response procedures
• Business continuity plan
• Third-party risk register
• Security controls inventory

Contact

For DORA-related inquiries:

• Email: contact [at] johlem [dot] net
• Security: security [at] johlem [dot] net
• Website: Security Policy

Compliance Statement

johlem.net maintains security and operational resilience practices aligned with DORA requirements, including:

• ICT risk management with regular assessment
• Incident detection, reporting, and response capabilities
• Business continuity and disaster recovery procedures
• Third-party risk management and oversight
• Regular resilience testing and improvement

This statement is reviewed annually and updated as needed.