Assess your current state against DORA requirements. This assessment takes 5-10 minutes.

Pillar 1: ICT Governance & Risk Management

Complete: Formal governance framework established

Partial: Some governance in place, gaps remain

Minimal: Very limited governance structure

Complete: All required ICT controls implemented

Partial: Core controls implemented, some gaps

Minimal: Basic controls only

Pillar 2: Incident Management

Complete: 24/7 monitoring and detection systems

Partial: Monitoring in place during business hours

Minimal: Limited or manual monitoring

Complete: Regulatory reporting procedures defined

Partial: Some reporting procedures in place

Minimal: No formal reporting procedures

Pillar 3: Digital Operational Resilience Testing

Complete: TLPT conducted annually by external tester

Partial: Some testing conducted internally

Minimal: No formal threat-led testing

Complete: Backup/recovery tested quarterly

Partial: Backup/recovery tested annually

Minimal: Limited or no testing

Pillar 4: Third-Party ICT Risk Management

Complete: Complete inventory of all ICT service providers

Partial: Most providers documented

Minimal: Incomplete or no inventory

Complete: All contracts include DORA clauses

Partial: Some contracts updated with DORA terms

Minimal: No DORA-specific contractual terms

Pillar 5: Information Sharing

Complete: Participating in information sharing arrangements

Partial: Limited participation in sharing

Minimal: No formal information sharing

Your DORA Gap Analysis Results

DORA Gap Analysis Tool