Probably you already has documented security policies in place for GDPR, but these need to be supplemented and updated for DORA.