Cybersecurity · Governance Free assessment

DORA Readiness Assessment

Where you stand against DORA, across ICT risk management, incident reporting, resilience testing and third party risk, and what to close first.

DORA has made operational resilience a legal obligation for financial services, and the reach extends to the technology suppliers behind them. This assessment gives you an honest read on where you stand against the DORA pillars, from ICT risk management and incident reporting to resilience testing and third party risk, and a clear view of what to close first. Independent, and grounded in how these obligations actually land.

What you get

  • A view of where you stand against the DORA pillars: ICT risk, incident reporting, resilience testing and third party risk
  • The gaps that carry the most regulatory and operational risk, ranked
  • A practical first list of what to close, rather than a compliance essay
  • An independent perspective, unbiased and firmly on your side

Who it is for

Risk, compliance, security and IT leaders in financial services, or their critical technology suppliers, who need to know where they stand against DORA.

How it works

A focused session to understand your obligations and current controls, followed by a written readout of your gaps and priorities. Free, and with no obligation.

Frequently asked questions

What does a DORA readiness assessment cover?

Where you stand against DORA obligations across ICT risk management, incident reporting, resilience testing and third party risk, with a clear view of what to close first. It turns a broad regulation into a practical gap list.

Do we need a DORA assessment if we are a UK firm?

Possibly. DORA is an EU regulation, but UK firms serving EU clients can be pulled into its scope, and the UK has its own operational resilience and critical third parties rules. The assessment clarifies which obligations actually apply to you.

Is it free and independent?

Yes. It is a free, no obligation diagnostic from an independent adviser, so the findings reflect your real exposure rather than a pitch for a compliance product.