Process Magnet by aiio
Request a demo
Compliance

DORA & NIS2: processes lived and provable

10 June 2026 · aiio · 2 min

DORA for the financial sector, NIS2 for critical and important entities: the regulatory bar sits higher than the plain ISO certification of old. Having described a procedure is no longer enough. It must be demonstrably lived.

What does the new regulation actually require?

DORA and NIS2 require that risk, incident and outsourcing processes not only exist but are effective and verifiable. Supervisors and auditors want evidence: who did what, when, by which workflow, with which escalation? A process description in the wiki isn’t proof of that — it’s a claim.

Why does the old filing tear exactly here?

Because documented and lived process drift apart. The description comes from a project, reality has moved on, and no one had the time to keep both in sync. When it matters — incident or audit — what counts isn’t the target in the folder but the actual state in the systems. And the actual state sits nowhere coherent.

An example: the incident-response process is cleanly documented. But in the last real incident, escalation ran by phone and email because it had to be fast. That lived trail is exactly what the examiner asks for — and exactly what’s missing from the documentation.

How does “lived” become provable at all?

By having the process view come from the systems where the case really runs — ticket, email, ERP, call — instead of from separate documentation. When evidence emerges from the lived trail, it’s by definition close to reality. Audit-readiness means exactly that: being able to show at any time that requirement and practice match.

What does that mean for preparation?

The evidence should fall off as a by-product, not be scraped together in weeks of work before every deadline. Instead of a once-a-year documentation special shift, Magnet keeps the actual workflow continuously current — the basis on which an audit is no longer a special project, but an export of what already exists.

The structured path is in the guide Audit-readiness step by step; why the doc pile no longer holds is in Audit documentation that actually holds.

See it on your real systems.

We look at your case together — and show what Magnet pulls from your systems.

Request a demo
Request a demo

See Magnet on your real systems.

We look at your case together — and show what Magnet pulls from your systems. No configurator, no sales pitch.