The DORA compliance checklist
Key takeaways
- Operational resilience is now a regulatory obligation, not an IT issue. DORA makes boards and senior leaders directly accountable for ICT risk management, incident response, and digital resilience across the enterprise.
- Third-party ICT risk is a core driver of enterprise risk exposure. Organizations must formally assess, contract, monitor, and test the resilience of critical ICT service providers to reduce systemic and concentration risk.
- Resilience must be tested, measured, and continuously improved. Regular resilience testing—including advanced threat-led testing—shifts organizations from compliance checklists to proven operational readiness.
- DORA aligns compliance with long-term competitive advantage. Beyond avoiding penalties, strong DORA alignment enhances stakeholder trust, reduces disruption risk, and strengthens market confidence.
Preliminary steps for DORA compliance
Understand DORA’s scope (Article 2)
☐ Review the regulation in detail and analyze your organization’s operations to see if it qualifies as a financial entity or critical third-party information and communication technology (ICT) service provider.
☐ Understand the specific requirements relevant to your organization’s role within the financial ecosystem, such as ICT risk management or incident reporting.
Conduct a gap analysis
☐ Identify where existing ICT risk management frameworks and practices diverge from DORA’s requirements (Article 5).
☐ Evaluate current governance structures, ICT incident response protocols (Article 17), third-party risk management (TPRM) strategies (Articles 28-30), and resilience testing measures to ensure alignment with DORA.
☐ Review existing documentation, such as business continuity plans and ICT policies, to identify weaknesses or areas requiring updates.