The DORA compliance checklist
Key takeaways
- Operational resilience is now a regulatory obligation, not an IT issue. DORA makes boards and senior leaders directly accountable for ICT risk management, incident response, and digital resilience across the enterprise.
- Third-party ICT risk is a core driver of enterprise risk exposure. Organizations must formally assess, contract, monitor, and test the resilience of critical ICT service providers to reduce systemic and concentration risk.
- Resilience must be tested, measured, and continuously improved. Regular resilience testing—including advanced threat-led testing—shifts organizations from compliance checklists to proven operational readiness.
- DORA aligns compliance with long-term competitive advantage. Beyond avoiding penalties, strong DORA alignment enhances stakeholder trust, reduces disruption risk, and strengthens market confidence.
Preliminary steps for DORA compliance
Understand DORA’s scope (Article 2)
☐ Review the regulation in detail and analyze your organization’s operations to see if it qualifies as a financial entity or critical third-party information and communication technology (ICT) service provider.
☐ Understand the specific requirements relevant to your organization’s role within the financial ecosystem, such as ICT risk management or incident reporting.
Conduct a gap analysis
☐ Identify where existing ICT risk management frameworks and practices diverge from DORA’s requirements (Article 5).
☐ Evaluate current governance structures, ICT incident response protocols (Article 17), third-party risk management (TPRM) strategies (Articles 28-30), and resilience testing measures to ensure alignment with DORA.
☐ Review existing documentation, such as business continuity plans and ICT policies, to identify weaknesses or areas requiring updates.