The purpose-built platform for EU financial entities to manage ICT risk governance, incident reporting, resilience testing, and third-party oversight — in one structured system.
Financial entities face enforcement now — but most manage compliance with disconnected tools, manual processes, and no audit trail.
Risk registers in Excel, controls in SharePoint, incidents in email. No single source of truth for auditors or board reporting.
69 regulatory requirements across Articles 5–14 alone. Tracking compliance status, gap analysis, and evidence collection by hand doesn't scale.
When the NCA comes knocking, you need timestamped audit trails, version-controlled documents, and traceable risk decisions — not a folder of PDFs.
No consultants, no implementation projects. Three steps to structured DORA compliance.
Create your account, set up governance roles, and import your ICT asset inventory. Pre-loaded with all 69 DORA requirements.
Run gap analysis against each article, build your risk register with Bowtie analysis, and map critical function dependencies.
Track compliance progress on the dashboard, manage incidents and tests, and export audit-ready reports with full traceability.
Structured coverage of every regulatory requirement — governance, incidents, testing, and third-party risk.
Management body roles, ICT risk framework with version control, critical function register, BIA, and dependency mapping.
Risk register with Bowtie visualization, control library, incident classification, heat maps, trend analytics, and risk appetite decisions.
Test programme, coverage matrix linked to CIFs and controls, finding tracking with remediation workflows, and TLPT phase management.
Provider register with CTPP classification, contract clause tracking, concentration risk analysis, and Register of Information.
Every feature maps directly to regulatory requirements — no generic GRC overhead.
Every requirement from DORA Articles 5–14, pre-loaded with article references and gap analysis. Track assessment status across your entire regulatory surface.
| Article | Requirement | Status |
|---|---|---|
| Art. 5 | Management body approval of ICT risk framework | Compliant |
| Art. 6 | Documented ICT risk management framework | Compliant |
| Art. 8 | CIF identification and classification | Partial |
| Art. 9 | ICT risk identification and assessment | Compliant |
| Art. 11 | Business continuity policy and BIA | Gap |
Visualize risk causes, preventive controls, risk events, recovery controls, and consequences in the industry-standard Bowtie diagram — linked to your control library.
5×5 risk heat map with configurable tolerance thresholds, automatic risk appetite decisions, and historical trend charts showing how your risk posture evolves.
Create remediation tasks from compliance gaps, risk treatments, incidents, and test findings. Track priority, assignees, due dates, and completion — all with full audit trail.
| Task | Source | Priority | Status |
|---|---|---|---|
| TSK-001 | Art. 11 gap | Critical | In Progress |
| TSK-002 | Risk R-003 | High | Open |
| TSK-003 | INC-2026-001 | Critical | Done |
| TSK-004 | Test findings | High | Open |
Three-level document hierarchy (L1 Policies → L2 Standards → L3 Procedures) with version control, ownership, approval tracking, and gap analysis.
Visualize how critical functions depend on business processes, ICT assets, and third-party providers. Interactive SVG map with drill-down.
Wizard-driven BIA with MTPD, RTO, and RPO assessments. Auto-tiered criticality scoring across four impact dimensions.
Step-by-step classification wizard aligned with ITS reporting templates. Severity assessment and regulatory reporting stage tracking.
Every action logged with timestamp, user, entity, and value. Audit log with search, filtering, and JSON export for regulatory review.
Admin, analyst, and viewer roles with session-based authentication. User management, password policies, and activity attribution.
No per-user fees. No implementation consultants. One platform, one price.
DORA (EU Regulation 2022/2554) is EU legislation requiring financial entities to build end-to-end digital operational resilience. It covers ICT risk management, incident reporting, resilience testing, third-party risk oversight, and information sharing. Enforcement began January 17, 2025, applying to banks, insurers, investment firms, payment institutions, crypto-asset service providers, and their critical ICT providers.
DORA applies to virtually all regulated financial entities in the EU — credit institutions, insurance and reinsurance undertakings, investment firms, payment institutions, electronic money institutions, crypto-asset service providers, and critical ICT third-party service providers (CTPPs). The regulation covers over 22,000 entities across the EU.
DORA GRC is designed for rapid deployment. The platform comes pre-loaded with all 69 regulatory requirements, framework document templates, and risk categories. Most organizations can be operational within 1–2 weeks, with ongoing configuration as their compliance programme matures. No consultants or implementation partners required.
DORA GRC is hosted on Cloudflare's global edge network with data stored in Cloudflare D1 (SQLite-based). All data is encrypted in transit (TLS 1.3) and at rest. Session tokens use PBKDF2 with 100,000 iterations. The platform includes role-based access control, complete audit trails, and session expiry. No data is shared with third parties.
Yes. DORA GRC includes a full data export function that produces a timestamped JSON snapshot of all registers — governance roles, framework state, CIF functions, risks, controls, incidents, tests, providers, contracts, review tasks, and more. The audit log is also fully exportable with user attribution for every action.
The platform is currently purpose-built for DORA compliance. Multi-framework mapping (DORA ↔ ISO 27001 ↔ NIS2) is on our roadmap. However, the risk management, control library, and audit trail capabilities align with ISO 27005 and ISO 31000 methodology, so much of the work translates directly to other frameworks.
Have questions about DORA compliance or our platform? Send us a message.
Whether you're evaluating the platform, need help with DORA compliance, or want a tailored demo — we're here to help.
Start with a free trial — no credit card, no consultants, no setup fees.