Whitepaper

Making Security Work: Document-Driven ISMS is Failing Financial Services

Most Information Security Management Systems in financial services exist - but they don't work. Policies sit in SharePoint. Controls live in spreadsheets. Evidence is assembled manually before audits. That model is no longer defensible.

In this whitepaper, Tomas Hellum, one of Denmark's leading experts in information and cyber security, makes the case for a Holistic, integrated ISMS built for DORA, FCA, and Nordic supervisory expectations.

What's inside?

- Why document-driven ISMS is no longer defensible.
- The regulatory shift towards demanding demonstrated control, not just documentation.
- The hidden costs of an inadequate ISMS.
- What a Holistic ISMS actually delivers.
- Governance hierarchy and the SoA question.
- Real-world cases.

Author bio


Tomas Hellum, VP of Regulatory Strategy at Decision Focus, is an industry-recognised GRC leader in the Nordics and one of Denmark's leading experts in information and cyber security. With more than 20 years of experience advising financial institutions and regulated organisations, he specialises in integrating DORA, ISO 27001, CIS18 and NIST into practical governance and risk management frameworks.
