Skip to main content
ResiPlan
DORA · Reg. EU 2022/2554

DORA Readiness Checklist

Tick what you already have in place and get your DORA readiness score in real time. Free, no sign-up. ResiPlan then turns this checklist into a compliant, evidenced programme.

0/210%
High exposure — start now.

1. ICT Risk Management Framework (Art. 5-15)

2. ICT Third-Party Risk (Art. 28-30)

3. Incident Management & Reporting (Art. 17-23)

4. Digital Operational Resilience Testing (Art. 24-27)

5. Business Continuity & Recovery

From checklist to programme

1

Assess

Tick where you stand — the score shows your exposure at a glance.

2

Automate

In ResiPlan, each item becomes a tracked control with an owner and a due date.

3

Evidence

Collect proof once and export an audit-ready pack for your regulator.

Frequently asked questions

Who does DORA apply to?

Financial entities (banks, insurers, investment firms, payment institutions and more) and their critical ICT third-party providers across the EU, from 17 January 2025.

What is the Register of Information?

A structured register of all ICT third-party arrangements (Art. 28/31) that you must maintain and be able to submit to your regulator in the ESAs' format.

Do we need threat-led penetration testing (TLPT)?

Significant financial entities must run TLPT on a multi-year cycle. ResiPlan tracks scope, scenarios and remediation so you stay on schedule.

From checklist to evidence

ResiPlan automates the provider register, AI criticality justification, incident reporting and DORA audit evidence — from a single source of truth.

DORA Readiness Checklist (2026) — free interactive tool | ResiPlan