DORA Readiness Checklist
Tick what you already have in place and get your DORA readiness score in real time. Free, no sign-up. ResiPlan then turns this checklist into a compliant, evidenced programme.
1. ICT Risk Management Framework (Art. 5-15)
2. ICT Third-Party Risk (Art. 28-30)
3. Incident Management & Reporting (Art. 17-23)
4. Digital Operational Resilience Testing (Art. 24-27)
5. Business Continuity & Recovery
From checklist to programme
Assess
Tick where you stand — the score shows your exposure at a glance.
Automate
In ResiPlan, each item becomes a tracked control with an owner and a due date.
Evidence
Collect proof once and export an audit-ready pack for your regulator.
Frequently asked questions
Who does DORA apply to?
Financial entities (banks, insurers, investment firms, payment institutions and more) and their critical ICT third-party providers across the EU, from 17 January 2025.
What is the Register of Information?
A structured register of all ICT third-party arrangements (Art. 28/31) that you must maintain and be able to submit to your regulator in the ESAs' format.
Do we need threat-led penetration testing (TLPT)?
Significant financial entities must run TLPT on a multi-year cycle. ResiPlan tracks scope, scenarios and remediation so you stay on schedule.
From checklist to evidence
ResiPlan automates the provider register, AI criticality justification, incident reporting and DORA audit evidence — from a single source of truth.