SEKurity GmbH

COMPLIANCE · DORA

DORA tests whether resilience holds under pressure.

Regulation (EU) 2022/2554 applies since 17 January 2025 to financial entities across the EU. Of the five pillars, digital operational resilience testing is where we directly support you – up to and including Threat-Led Penetration Testing.

01 · FOUNDATION

Five pillars, one goal: robust digital resilience.

DORA addresses digital operational resilience along five pillars: ICT risk management, handling and reporting of ICT-related incidents, digital operational resilience testing, management of ICT third-party risk and information sharing. The scope covers banks, investment firms, insurers, payment service providers, trading venues and other financial entities as well as – with significant implications – their critical ICT third-party service providers.

02 · TESTING OBLIGATIONS

Regular resilience testing and TLPT.

  1. PILLAR · 01

    Digital operational resilience testing

    Financial entities must establish a risk-based testing programme – at least annually for all ICT systems supporting critical functions. We cover penetration testing, network and application security assessments, vulnerability assessments and scenario-based testing.

  2. PILLAR · 02

    Threat-Led Penetration Testing (TLPT)

    Significant financial entities typically must conduct a Threat-Led Penetration Test on production systems every three years. The methodology is usually aligned with TIBER-EU. We contribute the offensive side – threat intelligence, red-team execution and documentation – closely coordinated with your test management roles.

  3. PILLAR · 03

    Remediation and retest

    DORA requires not only the execution of tests but also remediation of identified weaknesses. We prioritise findings by real exploitation potential, accompany remediation and validate effectiveness in a structured retest.

03 · DELIVERY

What you have in hand for regulators and auditors.

  • 01

    Test concept aligned with critical and important functions

  • 02

    Technical reports with reproducible evidence

  • 03

    TLPT documentation tailored to TIBER-EU roles

  • 04

    Management summary for the board and supervisors

RELATED FRAMEWORKS

Adjacent regulation we also test against.

DORA RESILIENCE

Test before the regulator asks.

We review with you the state of your testing programme, the suitability of critical functions for TLPT and the concrete next steps to meet DORA's testing obligations.