DORA
Assessment
Answer honestly — the result is used to give you a realistic gap score and action list.
Question 1 of 10
· ICT-risikohÃ¥ndtering
Do you have a formal ICT risk management policy approved by the board?
Question 2 of 10
· ICT-risikohÃ¥ndtering
Do you perform ICT risk assessments at least annually?
Question 3 of 10
· HendelseshÃ¥ndtering
Do you have an incident response team (CSIRT) with defined roles?
Question 4 of 10
· HendelseshÃ¥ndtering
Do you report major ICT incidents to relevant authorities within statutory deadlines?
Question 5 of 10
· Operativ resiliens
Do you test digital operational resilience (pen-tests, TLPT) at least every three years?
Question 6 of 10
· Operativ resiliens
Do you have a disaster recovery plan (BCP/DRP) that is tested regularly?
Question 7 of 10
· Tredjepart
Do you maintain a register of critical ICT service providers?
Question 8 of 10
· Tredjepart
Do supplier contracts include exit strategy and continuity requirements per DORA Article 30?
Question 9 of 10
· Styring
Does the board have formal oversight role for ICT risk (DORA Article 5)?
Question 10 of 10
· Styring
Do you have an ICT strategy plan approved by management?
Assessment leads
We will send you a PDF report with detailed actions. No commitment.