DORA Compliance Services

DORA compliance services for the EU financial sector, supporting organisations as they get ready for the Digital Operational Resilience Act.
Gabrielius Vinciūnas
Head of Information Security
Paulius Užkurėlis
Business Development Manager

DORA Compliance Offers

DORA compliance assessment

Independent assessment to understand current readiness for DORA requirements and identify what needs to be addressed before the regulation applies.
Review of ICT policies, standards, and plans against DORA requirements.
Evaluation of systems, processes, and ICT risk controls.
Identification of gaps across ICT risk management and operational resilience.
Clear compliance roadmap outlining required changes and next steps.
Deliverables:
Independent assessment with a clear roadmap to close compliance gaps for financial entities.

DORA requirements implementation

Practical support to implement DORA’s organisational and technical requirements and build a sustainable operational resilience framework.
Development of required DORA policies and documentation.
Setup and alignment of an Information Security Management System (ISMS).
Business continuity, incident response, and crisis management frameworks.
ICT asset management, classification, and risk ownership.
Backup, recovery, and resilience processes aligned with regulatory expectations.
Deliverables:
End-to-end DORA compliance supported by a future-proof ISMS to sustain operational resilience.

CISO for DORA

Flexible access to senior security leadership to support DORA compliance on an ongoing basis.
Strategic oversight and compliance roadmap for DORA and related regulations.
Ongoing ICT risk and resilience guidance at management level.
Regular risk reporting and clear communication for leadership teams.
Support during audits and interactions with supervisory authorities.
Flexible expert hours covering a wide range of security and compliance needs.
Deliverables:
On-demand security leadership ensuring sustainable compliance and operational resilience.

Industries We Support

Financial institutions

Banks & credit institutions
Payment institutions & Electronic Money Institutions
Insurance
Investment companies
Crypto-asset service providers

ICT service providers

Payment processors
Core banking providers
SaaS vendors
Cloud & hosting providers

Our DORA Compliance Process

01. DORA readiness assessment

We begin with a DORA compliance assessment to understand how current ICT risk management, policies, and controls align with regulatory requirements. This includes a maturity review and gap analysis, highlighting areas that require remediation and where to focus first.

02. Remediation planning & roadmap

Assessment findings are mapped to DORA requirements and translated into a clear, realistic roadmap outlining required actions and timelines.

03. DORA controls implementation

We support the end-to-end implementation of agreed organisational and technical controls, including ISMS implementation, ICT asset management and ownership, incident response, disaster recovery, and business continuity planning.

04. Ongoing DORA compliance

Through CISO for DORA services, we provide ongoing support to help organisations maintain compliance as risks, systems, and regulatory expectations evolve. This includes ongoing risk monitoring, control effectiveness reviews, and support with regulatory reporting and supervisory interactions when required.

Why Baltic Amadeus

Compliance-first approach.

Certified experts.

Senior security guidance.

Certifications

CISA
ISO 27001
CISSP
CISM

FAQ

How much does DORA compliance support typically cost?

It depends on where you are starting from. Some organisations only need a short readiness review, while others need help with implementation or ongoing support. We usually start by understanding your setup and then suggest a scope that fits your needs and budget.

How does DORA relate to NIS2 and ISO 27001?

They cover similar topics, but they are not the same. DORA is a mandatory regulation for the EU financial sector. NIS2 applies to a wider range of organisations, and ISO 27001 is a voluntary standard. If you already work with NIS2 or ISO 27001, you are part of the way there, but DORA still adds its own requirements.

What are the main DORA requirements?

DORA is about helping EU financial organisations stay operational during disruptions. It sets clear rules for ICT risk management, incident reporting, business continuity and recovery planning, resilience testing, and oversight of critical ICT suppliers.

Let’s talk about your project

Starting something new or need support for an existing project? Reach out, and our experts will get back to you within one business day.
