Run a complete cyber, IT, operational-resilience or third-party risk assessment of an EU financial entity. Excel questionnaires with the exact questions to ask, ISO control references, maturity and risk scoring, a 5×5 heatmap and a live dashboard — plus a methodology guide for every domain.
30 audit-ready questions per domain, grouped by theme — no blank page.
Every question cites a control standard and the DORA article behind it.
Maturity 0–4 and Likelihood×Impact risk, with an auto 5×5 heatmap.
Scores, charts and risk distribution update as you fill the workbook.
How to scope, who to interview, how to score and how to report.
Each toolkit is a self-contained engagement kit: one Excel workbook + one methodology PDF. €79 each, or take all eight in the bundle below.
Assess the cyber security control environment end to end: governance, identify, protect, detect, respond & recover, and security testing.
ISO 27001/27002/27005 + NIST CSF 2.0 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess the ICT risk management framework (DORA Pillar 1): governance, framework & policies, asset & dependency mapping, controls and monitoring.
ISO 31000/27005/27001 + COBIT 2019 - DORA Pillar 1 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess operational resilience: critical-function mapping, BIA & impact tolerances, continuity & DR, scenario testing and crisis management.
ISO 22301/22317/22316 + ISO 27031 - DORA Art. 11-12/24-27 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess ICT third-party risk (Pillar 4): due diligence, Article 30 contracts, Register of Information, monitoring, concentration & exit.
ISO 27036 + ISO 27001 supplier controls - DORA Art. 28-30 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess incident management & reporting (Pillar 2): detection, classification of major incidents, the 4h / 72h / 1-month reporting timelines, root-cause and testing.
ISO 27035 + ISO 27001 incident controls - DORA Pillar 2 (Art. 17-23) - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess resilience testing & TLPT (Pillar 3): the testing programme, vulnerability management, scenario & penetration testing, and TLPT / TIBER-EU alignment.
ISO 27001 testing + TIBER-EU - DORA Pillar 3 (Art. 24-27) - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess ICT concentration & cloud risk (Art. 29): dependency mapping, cloud-specific risk, substitutability, sub-outsourcing chains and exit strategies.
ISO 27017/27018/27036 - DORA Art. 29 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79Assess governance & accountability (Art. 5): management-body responsibility, risk appetite, roles & segregation, policy approval and board oversight.
ISO 27001 leadership + ISO 37000 + COBIT 2019 - DORA Art. 5 - 30 questions
€79 excl. VAT one-off · lifetime updates
Buy & download — €79All eight domain toolkits and their methodology guides, plus a master workbook to run a full risk programme across the entity — covering the five DORA pillars.
Built to be picked up and used on a client engagement the same day.
A ready-made, re-brandable engagement kit so you can deliver a credible DORA risk assessment without building it from scratch.
Run a structured self-assessment with defensible ISO-based scoring your board and supervisor will recognise.
A consistent question set and evidence trail to test the ICT and resilience control environment.
Each domain is one Excel workbook (.xlsx) plus one methodology guide (PDF). The bundle adds a master Excel workbook. Everything downloads instantly after checkout and the link is reusable.
ISO/IEC 27001, 27002, 27005, NIST CSF 2.0 and ISO/IEC 27035 (cyber); ISO 31000, ISO/IEC 27005/27001 and COBIT 2019 (IT/ICT); ISO 22301, 22317, 22316 and ISO/IEC 27031 (operational resilience); ISO/IEC 27036 and ISO/IEC 27001 supplier controls (third-party) — each cross-referenced to the relevant DORA articles.
Yes. They are templates for professional use on your engagements. Lifetime updates are included — revised editions are emailed to your purchase address.
Yes. An EU VAT invoice is issued automatically at checkout; enter your VAT number for the reverse-charge invoice.
Looking at compliance maturity instead of risk? See the 5-pillar assessment toolkits or compare all kits. All prices exclude VAT; an EU VAT invoice is issued at checkout. These materials are professional templates, not legal advice.
Take our free 5-minute assessment and get an instant DORA compliance score with personalised recommendations.