Cyber Assessments
DORA Self-Assessment
Quick operational resilience maturity self-check for financial entities. All sections submit together. No sensitive data collected.
⚠️ = Critical DORA control (mandatory for compliance)
Pillar 1 — ICT Risk Management Framework
Have you confirmed DORA applicability and defined the in-scope entities/services?
Has the management body formally accepted accountability for ICT risk management and DORA compliance?
Do you have a documented ICT risk management framework and policies approved by the management body?
Have you mapped critical services/functions, supporting assets, and dependencies (incl. third parties)?
Pillar 2 — ICT Incident Management, Classification & Reporting
Do you have a documented ICT incident management process with classification criteria and reporting timelines?
Are major incidents reported to competent authorities using the required templates and channels?
Is incident logging and evidence collection sufficient for RCA and regulatory reporting?
Are lessons learned reviews conducted and tracked to closure after significant incidents?
Pillar 3 — Digital Operational Resilience Testing
Is there a risk-based ICT resilience testing programme (controls, scenarios, crisis/BCP exercises)?
If in scope, have you planned or conducted Threat-Led Penetration Testing (TLPT) within the required cycle?
Are business continuity & disaster recovery plans tested with realistic scenarios (incl. third-party failures)?
Pillar 4 — ICT Third-Party Risk Management
Do you maintain a complete register of ICT third-party arrangements and critical dependencies?
Do contracts include mandatory DORA clauses (access & audit rights, reporting, exit, sub-outsourcing)?
Are ICT providers monitored and periodically reviewed/audited (incl. performance and risk indicators)?
Do you have exit/substitution strategies for critical providers, with feasibility tested?
Pillar 5 — Information Sharing
Do you participate in appropriate threat intel or incident information-sharing initiatives?
Does internal audit/independent assurance review DORA controls and report to the management body?
Are DORA-related KPIs/KRIs defined and regularly reviewed by senior management?
Do relevant staff receive role-based training on DORA requirements and incident handling?
The data collected from this survey will be used to compile a first-pass DORA maturity snapshot. Once complete, all survey data will be permanently deleted.
Need help acting on the results? We support pragmatic DORA implementation across governance, testing, and third-party risk.