Evaluate your financial institution's Digital Operational Resilience. Measure your actual readiness across all 6 DORA pillars based on your entity classification tier.
DORA applies its requirements proportionately, taking into account an entity's size and overall risk profile and the nature, scale and complexity of its services.
The tiers used here are this assessment's own grouping of that proportionality, not categories defined in the regulation itself. Tier 1 entities face the most stringent requirements (including Threat-Led Penetration Testing, which competent authorities mandate for the entities they identify), while Tier 3 entities fall under simplified obligations. Your selection automatically filters the assessment questions.
This assessment model was designed by Kerem Ozturk, former CISO at ING Bank Turkiye and Principal Consultant at DXC Technology. It reflects the governance and technical controls used to secure European financial institutions.
DORA establishes uniform requirements for the security of network and information systems across the EU financial sector. Banks, insurance companies, investment firms, payment service providers and other financial entities must demonstrate compliance or face supervisory action and significant penalties, and ICT third-party service providers designated as critical are brought under a Union-level oversight framework.
The six pillars assessed:
1. ICT Risk Management — Frameworks for identifying, protecting against, detecting and managing ICT risks.
2. Incident Management — Detecting, classifying, and reporting major ICT-related incidents.
3. Resilience Testing — Regular testing, including TLPT where required.
4. Third-Party Risk — Managing ICT third-party contracts, concentration risk and exit strategies.
5. Information Sharing — Cyber threat intelligence collaboration.
6. Governance — Board-level responsibility and internal audit.
DORA applies the principle of proportionality. Tier 1 (Significant Entities) face the most stringent requirements, such as mandatory TLPT, which DORA requires at least every three years and which typically needs 6-12 months of preparation. Tier 3 (Small Entities) have simplified obligations, comparable to the simplified ICT risk management framework DORA provides for certain small and non-interconnected entities, while still maintaining core security baselines.
DORA (Regulation (EU) 2022/2554) entered into force on 16 January 2023 and has applied since 17 January 2025. From that date financial entities must be fully compliant, and competent authorities can take enforcement action for non-compliance.