FOUNDED 2025 · INDEPENDENT UK PRACTICE

DORA: The 12-Month Reality Check

Pillar-by-pillar self-check for UK and EU financial entities.

Twelve months on from DORA entering into force on 17 January 2025, this paper is a pillar-by-pillar self-check: ICT risk management, incident reporting, digital operational resilience testing, third-party risk and information sharing. Includes a critical-vendor matrix and the four-hour major-incident notification clock.

Download the paper · PDF · 10 pp Related service · Operational Resilience & Business Continuity
02Use this paper when

Scenarios where this paper earns its place on the desk.

  1. 01Approaching a regulator engagement on DORA evidence
  2. 02Building or refreshing the ICT third-party register
  3. 03Scoping the next round of threat-led penetration testing
  4. 04Preparing an audit committee paper on operational resilience
  5. 05Reviewing readiness for major incident notification under Article 19
03What you'll find inside

Artefacts and templates included with the paper.

  • ARTEFACT
    DORA pillar self-check
  • ARTEFACT
    Third-party criticality matrix
  • ARTEFACT
    Major incident notification timeline
  • ARTEFACT
    TLPT scoping template
  • ARTEFACT
    Article 28 contract clauses
04If this is on your desk
RELATED SERVICE

Operational Resilience & Business Continuity

Open service  →
RELATED TOOLKIT

DORA Toolkit

Open toolkit  →
RELATED READING

The FCA First Thirty Minutes

Open  →
Paul Jolliffe, Founder of InfoSecAI
AUTHOR

Paul Jolliffe

FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner

Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Independent UK practice founded 2025. Author of the InfoSecAI insights library.

Book a 30-minute working consultation About the practice

Get The Brief: practitioner notes on what is changing.

Weekly. No tracking pixels, no marketing automation. Unsubscribe in one click.