YoctoIT Insights · 2026

NIS2 and DORA when the company's heart is an IBM i (aka "AS400")

The regulations never name the platform, but the requirements apply — above all — to the system running your ERP, production and invoicing. Good news: IBM i already ships with almost everything you need. Bad news: it must be configured, documented and tested. Here's the checklist.

Why the ERP is in scope

NIS2 covers essential and important entities (manufacturing, logistics, food, chemicals are in), DORA covers finance. Both demand the same substance: risk management, strong authentication, demonstrable business continuity, vulnerability and incident management.

The IBM i system is almost always the company's most critical asset — and paradoxically the least covered by security initiatives, which focus on Windows and cloud. A serious audit starts right there.

The operational checklist

The most common mistake

Treating compliance as a documentation project. Binders don't stop ransomware: the right sequence is fixing the technical substance (MFA, immutable copies, tests) and generating evidence as a by-product of operations. It's the approach we use with Yocto Vision: monthly reports that already are compliance documentation.

Where to start

With an honest picture: our Free Assessment photographs versions, PTFs, exposure, backup and continuity of your IBM i/Power environment and maps it against NIS2/DORA requirements. Half a day, zero commitment, and you know exactly where you stand.

Want the printable version? Download the NIS2/DORA checklist for IBM i environments — 20 prioritized controls.
Request the Free Assessment Download the NIS2/DORA checklist
YoctoIT · a Vargroup company · technical insights for decision makers