The DORA compliance checklist
Key takeaways
- Operational resilience is now a regulatory obligation, not an IT issue. DORA makes boards and senior leaders directly accountable for ICT risk management, incident response, and digital resilience across the enterprise.
- Third-party ICT risk is a core driver of enterprise risk exposure. Organizations must formally assess, contract, monitor, and test the resilience of critical ICT service providers to reduce systemic and concentration risk.
- Resilience must be tested, measured, and continuously improved. Regular resilience testing—including advanced threat-led testing—shifts organizations from compliance checklists to proven operational readiness.
- DORA aligns compliance with long-term competitive advantage. Beyond avoiding penalties, strong DORA alignment enhances stakeholder trust, reduces disruption risk, and strengthens market confidence.
Preliminary steps for DORA compliance
Understand DORA’s scope (Article 2)
☐ Review the regulation in detail and analyze your organization’s operations to see if it qualifies as a financial entity or critical third-party information and communication technology (ICT) service provider.
☐ Understand the specific requirements relevant to your organization’s role within the financial ecosystem, such as ICT risk management or incident reporting.
Conduct a gap analysis
☐ Identify where existing ICT risk management frameworks and practices diverge from DORA’s requirements (Article 5).
☐ Evaluate current governance structures, ICT incident response protocols (Article 17), third-party risk management (TPRM) strategies (Articles 28-30), and resilience testing measures to ensure alignment with DORA.
☐ Review existing documentation, such as business continuity plans and ICT policies, to identify weaknesses or areas requiring updates.