🎯 Free Website Audit. Get Yours →
Optimum Web
Sector-Specific Compliance

DORA (Financial Sector)

ICT risk assessment, third-party provider risk, resilience testing, incident reporting.

2 services · Fixed price · 14-day warranty · Senior engineers only

Third-Party ICT Provider Ris… (€359)DORA TLPT — Threat-Led Penet… (from €15,000)
DORACR-DORA-02

Third-Party ICT Provider Risk Report

DORA third-party ICT risk: provider catalogue, critical classification, concentration risk, contractual review, sub-outsourcing analysis. For financial sector. €359.

€359 5–7 business days
14-day warranty
DORACR-DORA-05

DORA TLPT — Threat-Led Penetration Testing (Premium)

DORA Art. 26–27 TLPT for significant financial entities. TIBER-EU aligned, live production red team, threat intelligence, regulator summary. From €15,000. Every 3 years.

from €15,000 12–16 weeks
14-day warranty

Frequently Asked Questions

What makes an ICT provider 'critical' under DORA?+
DORA considers: impact on service continuity if provider fails, difficulty of substitution, data sensitivity, and geographic concentration. Cloud infrastructure providers are almost always critical.
What does DORA require in ICT contracts?+
Article 30 specifies mandatory contractual provisions: SLAs, data location requirements, audit rights, breach notification timelines, exit strategies, and sub-outsourcing restrictions. We gap-check your existing contracts.
What is sub-outsourcing risk?+
When your ICT provider outsources to their own providers. Example: you use a fintech SaaS that runs on AWS — AWS is a sub-outsourcing dependency. DORA requires transparency into these chains.
How does this differ from Vendor Risk Assessment (CR-SOC-07)?+
CR-SOC-07 covers general vendor risk for SOC 2. This service adds DORA-specific requirements: critical provider classification, DORA Article 30 contractual review, concentration risk, and sub-outsourcing analysis specific to financial regulation.
Can we combine with Supply Chain Audit (CR-NIS2-07)?+
Yes. CR-NIS2-07 covers software supply chain and NIS2 requirements. This service adds DORA's financial-sector requirements. If subject to both, we recommend doing them together.

Also in Sector-Specific Compliance

NIS2 Directive

Applicability, gap analysis, supply chain audit, management training, quarterly reviews.

6 services

EU AI Act

AI system inventory, risk classification, Annex IV documentation for EU AI Act compliance.

2 services

Cyber Resilience Act (CRA)

CRA readiness assessment for software products, SBOM setup, CE marking guidance.

1 services

Accessibility (EAA / WCAG)

WCAG 2.1 Level AA audit. Required by European Accessibility Act for e-commerce.

1 services
€5

Not Sure Where to Start?

Our IT Health Check finds every compliance gap in your infrastructure. 1 business day. You get a prioritized list of what to fix.

IT Health Check — €5

Not sure which service you need?

Free Consultation ← Back to Sector-Specific Compliance
📞Call Us💬Get Free Quote