DORA Compliance Checklist

Published: March 17, 2026 Author: Marc-Antoine Lemarchand

Strategic preparedness for the Digital Operational Resilience Act (DORA).

ICT Risk Management

Identify and map all critical functions and ICT assets.

Establish a comprehensive ICT Risk Management Framework.

Implement business continuity and disaster recovery plans.

Define classification criteria for ICT-related incidents.

Standardize reporting templates for regulatory authorities.

Establish internal escalation procedures for high-priority incidents.

Perform regular vulnerability assessments and network scans.

Conduct advanced TLPT (Threat Led Penetration Testing) for critical systems.

Review and update contracts with critical ICT third-party providers.

Ensure 'Exit Strategies' are documented for all critical outsourced services.