DORA Stress? Norway Can Skip the EU’s Painful Lessons
With DORA fast approaching, Norway has a unique opportunity to implement smarter, tested frameworks - not start from scratch.
With DORA fast approaching, Norway has a unique opportunity to implement smarter, tested frameworks - not start from scratch.

DORA. For the last 5 years, this regulation has demanded the attention of the EU Finance Sector, requiring them to identify ICT service providers, manage risk, and ensure operational continuity.
A key component of DORA is the Information Register. Where firms need to submit details of their ICT service providers to The Financial Supervisory Authority (Finanstilsynet).
The Information Register requires data collection from suppliers. Lots of data collection.
This resulted in a process that consumed internal bandwidth and burdened suppliers - many of whom were fielding requests from multiple financial institutions, often with little consistency.
What started as a regulatory obligation has quickly become an operational strain.
And then along came FSQS.
Imagine a system where the information you need is already structured. Where ICT providers are classified from day one. Where risk assessments, assurance data, policies, and certifications are collected through a single system. With an option to deep dive into the specific services they provide to your organisation, aligned specifically to DORA Information Register requirements.
With a faster, less stressful route to compliance, Norway can utilise best practice from the start.
FSQS has supported over 500 businesses with the Information Register, saving thousands of admin hours across Europe.
This isn’t hypothetical. It’s already working for institutions like DAS.

Like many companies, DAS has recently struggled with the challenges surrounding DORA. We are happy with the help of Hellios and CPI Governance in realising these challenges.
David Slagter, Manager Procurement & Facilities, DAS
By adopting the Hellios system designed for supplier data collection, DAS reduced admin, met the deadline, and kept capacity for other priorities.
What is FSQS?
FSQS is a platform purpose built for regulated industries to collect and manage supplier data for procurement, security, and compliance.
The FSQS platform is used by regional groups called Communities which are each supported locally and tailored to national requirements.
Community members collaborate in sharing knowledge, best practices and designing the questionnaire and product roadmap.
This brings practical advantages for buyers: localised questionnaires, regional support teams, and a peer network of institutions facing the same challenges. Suppliers benefit from a consistent process across buyers, with the benefit of registering once and avoiding starting from zero each time.
What FSQS does for DORA
- Collect relevant data
Including supplier entity, subcontractor and UPC data, 19 ICT codes and data locations etc. - ICT Provider & Critical Subcontractor Identification
Identify and filter service providers using FSQS codes. - Year-Round Assurance
Continuous, validated supplier data - not just point-in-time snapshots. - Structured Register Submission
Pre-mapped reporting templates ready for annual regulatory returns. - Service Specific Question set
Buyer specific feature to gather DORA aligned data. - Integrated Risk and Governance
One system for Cyber, Information Security and Business Continuity requirements.
A Smarter Way Forward
Joining FSQS means you’re not operating in isolation. You’re adopting a framework that’s already delivering across Europe - and joining a community of peers tackling the same regulation.
DORA is complex. But for Norwegian firms, the path to compliance doesn’t have to be.