-
Services
Penetration Testing & Security AnalysisWeb App & API Pentesting Identify vulnerabilities in web applications and APIs Mobile Apps Pentesting Security testing for iOS and Android applications Cloud Pentesting Assess cloud infrastructure and configurations Network Pentesting Internal and external network security assessment AI/LLM Pentesting Security testing for AI and language models Web 3.0 & Smart Contracts Blockchain and smart contract security audits Cyber Investigation Digital forensics and incident investigation Pentesting-as-a-Service Continuous security testing for Agile teamsTechnical AuditsTechnical Due Diligence In-depth technology assessment for investors Architecture & Infrastructure Review Evaluate system design and infrastructure Code & Technology Assessment Code quality, tech stack, and best practices review Scalability & Enterprise Readiness Assess readiness for growth and enterprise adoption Hosting Costs Optimisation Reduce cloud and hosting spend AI Integration Audit Review AI/ML implementation and risksCompliance Audits
- About us
-
Resources
DORA Readiness Assessment
Assess your organisation against all 5 DORA pillars and 31 regulatory areas — and close every gap before regulatory deadlines.
We work alongside your team to achieve full DORA compliance, covering ICT risk management, incident response, resilience testing, and third-party risk.
request a quoteWhen is a DORA assessment critical?
What we assess
We assess your organisation against DORA requirements, with clear ratings and actionable remediation:
1. ICT Risk Management
Governance, risk framework, asset management, access control, encryption, change management, BCP/DR, continuous improvement
2. Incident Management
Detection, classification, response procedures, regulatory reporting, root cause analysis, evidence handling
3. Digital Operational Resilience Testing
Core testing capabilities (as defined by DORA Article 25):
- Vulnerability assessments and automated scanning
- Network security assessments
- Gap analysis and control validation
- Source code review (where applicable)
- Open-source intelligence and exposure analysis
- Scenario-based testing (including incident simulations)
- End-to-end and integration testing
- Compatibility and performance testing
- Penetration testing
4. Third-Party Risk Management
Vendor register, due diligence, contract compliance, concentration risk, exit strategies, ongoing monitoring
5. Information Sharing
Threat intelligence, indicators of compromise (IoCs), regulatory communication, collaboration frameworks
Our approach: from gap analysis to full compliance
1. Assessment & Gap Analysis
We assess all 31 areas through document review and stakeholder interviews, identifying gaps and control weaknesses.
2. Resilience Testing Programme
We conduct the full range of testing activities required under DORA, based on your risk profile, including:
- Vulnerability assessments
- Penetration testing
- Scenario-based resilience testing
- Support for TLPT engagements (where required)
3. Recheck & Final Compliance Report
We verify remediation and deliver a final report suitable for regulatory review and stakeholder validation.
We don't just assess — we help you reach compliance.
FAQ
Do we need a DORA assessment if we already have ISO 27001?
Yes. ISO 27001 provides a foundation, but Digital Operational Resilience Act introduces additional regulatory requirements, especially around incident reporting, resilience testing, and third-party risk.
Is DORA only about cybersecurity?
No. DORA focuses on operational resilience, combining security, risk management, incident response, and business continuity.
Can non-EU companies be subject to DORA?
Yes. If you provide ICT services to EU financial entities, DORA requirements may apply to you indirectly through contractual and regulatory obligations.
Will we receive documentation suitable for regulators?
Yes. All deliverables are designed to serve as evidence for regulators, auditors, and partners.
Move from DORA readiness to full compliance
Identify gaps, strengthen resilience, and demonstrate regulatory readiness with confidence.
