Free Interactive Tool · No Signup

DORA Gap Analysis Tool

Assess your institution's DORA compliance in 10 minutes. Answer 16 questions across all 5 pillars and get an instant score with prioritised remediation actions.

10 min · 16 questions · 5 pillars · 100% private

How This Assessment Works

For each of the 16 statements below, select the level that best describes your current state. A score of 4 means "fully in place", 1 means "not started". We then calculate your overall DORA readiness and the gaps you need to close first.

1. ICT Governance & Risk Management

DORA Articles 5-16 · RTS 2024/1774

1 Your organisation has a documented ICT risk management framework approved by the management body and reviewed at least annually.
2 You maintain a complete inventory of ICT assets with criticality classification and business function mapping.
3 Security controls (access, encryption, monitoring, vulnerability management) are implemented, documented and tested regularly.
3b Your Critical or Important Functions (CIFs) have been identified, scored against quantitative + qualitative criteria, approved by the management body, and reviewed at least annually.

2. ICT Incident Management & Reporting

DORA Articles 17-23 · RTS 2024/1772 + 2025/301

4 You have 24/7 monitoring and detection capabilities for ICT-related incidents with defined escalation paths.
5 Your incident classification process follows the 7 RTS 2024/1772 criteria (clients, reputation, duration, geography, data, criticality of services, economic impact).
6 Major incident reporting procedures meet the 4-hour / 72-hour / 1-month deadlines using the ITS 2025/302 XML templates.

3. Digital Operational Resilience Testing

DORA Articles 24-27 · TIBER-EU framework

7 You run an annual testing programme (vulnerability scans, penetration tests, scenario-based tests) with documented remediation.
8 If you are a significant entity, you have a TLPT programme planned or in execution (TIBER-EU methodology, independent Red Team, before Jan 2028).
9 Your business continuity and disaster recovery plans are tested at least annually with defined RTO/RPO.

4. Third-Party ICT Risk Management

DORA Articles 28-44 · RTS 2024/1773 + 2025/532 · ITS 2024/2956

10 You maintain a complete Register of Information of all ICT third-party providers following the ITS 2024/2956 template.
11 Contracts with critical ICT providers include all mandatory DORA clauses (audit rights, exit strategy, subcontracting, incident notification).
12 A due diligence process is applied before onboarding new ICT providers, with approval workflows for subcontracting.
13 You have documented exit strategies for every critical provider (AWS, Azure, GCP, core banking, major SaaS).

5. Information Sharing Arrangements

DORA Articles 45-47 · voluntary (encouraged)

14 You participate in information-sharing arrangements such as sectoral ISACs, IOC sharing, or equivalent threat-intelligence networks.
15 Sensitive shared data is protected by confidentiality safeguards and your sharing is aligned with DORA/GDPR.

