What does DORA Compliance Self-Assessment Tool do?

Evaluate your financial institution

Is DORA Compliance Self-Assessment Tool free?

Yes, DORA Compliance Self-Assessment Tool is completely free with no account required.

Does DORA Compliance Self-Assessment Tool work on mobile?

Yes, it works on any device with a modern browser.

DORA Compliance Self-Assessment Tool

ICT Risk Management

Governance, strategy, and framework for managing digital operational resilience.

ICT Risk Management Framework established and approved by board Comprehensive ICT asset inventory maintained and updated Business Continuity Plan (BCP) documented and aligned with risk appetite Disaster Recovery (DR) plans tested and validated annually Defined ICT risk tolerance and appetite thresholds

ICT Incident Management

Detection, classification, and reporting of operational disruptions.

Standardized ICT incident classification process implemented Reporting timelines aligned with regulatory requirements Internal communication flow for critical incidents established Root cause analysis (RCA) process for major incidents Incident logging and tracking system in place

Resilience Testing

Validation of capabilities through testing and vulnerability assessments.

Annual vulnerability scanning across all critical systems Regular penetration testing schedule established TLPT (Threat Led Penetration Testing) capability or plan Remediation tracking process for test findings Scenario-based resilience testing (e.g., ransomware simulation)

Third-Party Risk Management

Managing risks associated with ICT service providers.

Register of all ICT third-party service providers maintained Standard contractual clauses for DORA compliance in all ICT contracts Exit strategies defined for critical ICT third-party providers Due diligence process for onboarding new ICT vendors Ongoing monitoring of third-party operational resilience

Information Sharing

Collaborating with peers and regulators to enhance resilience.

Process for sharing cyber threat intelligence with other firms Participation in industry-specific ISACs or sharing forums Legal framework for secure information exchange established Internal process to ingest and act on external threat intel Reporting mechanisms for systemic risks to regulators

Your Readiness Score

Assessment complete. Review your gaps and export the report.

0%

DORA Compliance Assessment