iCompliance.eu DORA Diagnosis • 5 working days

What is included in the DORA Diagnosis

Ideal for Compliance, Risk, IT, Security, Operations, and Management teams that need to confirm obligations, quickly reduce risk, and prepare evidence (both internally and for supervision).

Opinion on applicability and scope

Objective confirmation of scope: entities, services, and Critical/Important Functions (CIFs), dependencies, and programme boundaries.

Gap assessment by DORA pillars

Map of gaps and priorities by risk: governance & ICT risk, incidents & reporting, resilience testing, ICT third parties, and evidence.

30-60-90 day plan (quick wins)

Critical actions with owners, deadlines, and minimum evidence to gain control and reduce exposure quickly.

6–12 month roadmap

Realistic sequence of implementation, testing, and remediation — without document overload and with a focus on execution.

Evidence Pack (templates)

Templates for policies/procedures, incidents, reporting, ICT third parties, records, and KPIs for supervision/auditing.

Handover meeting + next steps

Guided delivery of results, internal alignment, and definition of the execution plan (team, decisions, and schedule).

DORA Checklist (PDF) — to get started right away

Checklist + essential evidence per pillar (governance/ICT risk, incidents, testing, ICT third parties, and threat intelligence).

How it works (5 working days)

Simple, guided, deliverable-oriented process — with evidence and priorities by risk/effort.

1 Initial call (30–45 min)

  • Critical functions/services and dependencies
  • Suppliers and cloud
  • Objectives and deadlines (30/60/90/180)

2 Guided collection

  • Questionnaire + minimum evidence
  • Scope mapping and CIFs
  • Initial inventory of ICT third parties

3 Gap analysis

  • Gaps per DORA pillar
  • Risk and impact on the business
  • Priorities and quick wins

4 Delivery and plan

  • Report + 30-60-90 day plan
  • 6–12 month roadmap
  • Templates and Evidence Pack

In the end, you know exactly what to do (and what to prove).

Actual perimeter (CIFs + dependencies), risk priorities, incident readiness and reporting, ICT third-party control (contracts, records, monitoring, exit plans) and organised evidence for supervision/auditing.

FAQ

Quick answers to the most common questions before proceeding.

How long does it take?

Typically 5 working days after the initial call and receipt of the minimum evidence required.

Is this an audit?

No — it is an actionable diagnosis with gaps, priorities, and a roadmap, accompanied by templates and recommended evidence.

What usually fails most in inspections/supervision?

Poorly defined perimeters/CIFs, third-party contracts without clauses/exit plans, incidents without quick classification, and scattered evidence.

Can you support implementation after diagnosis?

Yes. We can execute the 30-60-90 day plan and the 6–12 month roadmap, including incident playbooks, testing, and the ICT third-party pack.

I want the DORA Diagnosis

Fill out the form (recommended) and/or schedule a 30-minute call on Calendly. We will respond within 24 business hours.
