DORA Compliance
The Digital Operational Resilience Act (Regulation (EU) 2022/2554), applicable since 17 January 2025, requires EU financial entities to prove they can withstand, respond to and recover from ICT disruptions. It covers ICT risk management, ICT-related incident classification and reporting, digital operational resilience testing, ICT third-party risk and information-sharing arrangements.
Banks, insurers, investment firms, payment and e-money institutions, crypto-asset service providers and the other financial entities listed in Article 2 of the regulation, plus the ICT third-party providers designated as critical for the EU financial sector.
- ICT risk-management framework with the management body accountable for it, and classification of ICT-related incidents; major incidents are reported to the competent authority in three stages (initial notification, intermediate report, final report), with the reporting RTS setting the clock at 4 hours from classification as major and at most 24 hours from awareness, then 72 hours, then one month
- Mandatory digital operational resilience testing, from baseline tests (vulnerability scanning, scenario-based and performance testing) up to threat-led penetration testing (TLPT) at least every three years for entities designated by their competent authority
- ICT third-party risk management by the entity (a register of information on all contractual arrangements, mandatory contract clauses including access, audit and exit rights) plus an EU oversight framework for critical ICT third-party providers
Free DORA gap checker
Answer 8 quick questions for an instant readiness score and your priority gaps. ~2 minutes, no sign-up.
1. Do you have approved security policies and clear ownership of cyber risk?
2. How do you identify and treat information-security risks?
3. How are identity and access managed?
4. Do you maintain an inventory of assets and data?
5. How is sensitive/personal data protected?
6. What monitoring and detection do you have?
7. How prepared are you for a security incident?
8. How do you manage supplier/third-party risk?
DORA — frequently asked
Who must comply with DORA?
The financial entities listed in Article 2 of the regulation and the ICT third-party providers designated as critical by the European Supervisory Authorities.
What does DORA require?
ICT risk management, ICT-related incident classification and reporting, digital operational resilience testing (including TLPT for designated entities), ICT third-party risk oversight, and voluntary information-sharing arrangements on cyber threats.
How does DORA differ from NIS2?
DORA is a regulation, directly applicable without national transposition, that is specific to the financial sector and prescriptive on operational resilience, down to incident-reporting timelines and threat-led penetration testing. NIS2 is a directive, transposed by each member state, that covers many sectors. For financial entities DORA is lex specialis: where both apply, DORA's ICT risk-management, incident-reporting and testing provisions take precedence over the corresponding NIS2 obligations.