top of page

We offer various distinct DORA services

 

1. DORA-COMP 

This is the 'top down' approach to assess DORA compliance for entities, both financial services (FS) firms and Third-Party ICT service Providers (TPP) to FS firms. 

 

The DORA-COMP service is focused on the your obligations within the 'five pillars' of DORA, namely Articles 5 to 45.  Our consultants work closely with your team and guide you through the process of assessing and scoring your DORA compliance levels by Article, using a RAG (Red, Amber, Green) reporting mechanism.  This RAG information is included in your DORA Audit Report together with your DORA Action Plan, evidentiary references and supplemented with your 'register of information' see 1 and 2 in the illustration. 

​

This is a fixed price service based on your selection from our DORA-COMP Service Catalogue below.  

 

This is a fixed price service based on your size from our DORA-COMP Service Catalogue below.  Variations in scope can be priced on request.

 

2 DORA-TPP 

 

This is the 'bottom up' approach to DORA focusing on identifying whether or not your major client to TPP contractual agreements are DORA compliant.

 

This service is managed by us, working with a single TPP on their contracts with a single client. This service provides a structured mechanism for TPPs (with client input) to work with our independent consultants to undertake a DORA (RAG based) compliance assessment of your major  contractual agreements.

 

In addition, this service including working with the TPP to create the entries in the DORA 'register of information' worksheets for their contracts with the client. 

 

Thus, TPPs can operate in parallel with (or prior to) the financial entity undertaking its own DORA compliance assessment.

 

This is a fixed price service based on your selection from our DORA-TPP Service Catalogue below.  Variations in scope can be priced on request.

3 DORA-REM 

​

DORA Remediation Management offers our services as part of your project team to implement the DORA Improvement Projects from the Action Plan that was included in your DORA Audit Report, see 3 in the DORA-COMP illustration above.  A few examples of how we can help are:

a. Our experienced ICT consultants (and / or partners such as Horizon 7) can assist in risk identification and root cause analysis of the components (applications, and infrastructure configuration items and assets) in your Service Maps to improve the resilience of your critical services

b. We can assist you to develop missing DORA / resilience documents within your ICT document library by using best practice templates

c. We can do 'in-flight' DORA gap analysis to see if the remediation project work is 'shifting the needle' on particular compliance matters.

​

This service operates on a T&M basis, typically with an agreed statement of work.

4 DORA-CFX 

​

DORA-CFX (Conformance) is a service for UK financial entities and organisations that are not subject to DORA audits and penalties but wish to voluntarily conform / align to DORA good industry practice.  This is also known as the DORA-Lite service.

 

The gap analysis and assessment is made in the same way as for DORA-COMP but the reliance upon 'audit-quality' documentation is less.  Instead of a register of information we work with you to compile your portfolio of top ten Third-Party Provider contractual arrangements and undertake high level service mapping against towers.

​

To a certain degree this can be seen as DORA-Lite as it takes less time to complete, is 25% more affordable than DORA-COMP and a comprehensive DORA Conformance Report is produced together with an Action Plan for DORA Improvement Projects. 

 

This is a fixed price service based on our DORA-CFX Service Catalogue below.  Variations in scope can be priced on request.

5 DORA-RoI 

​

DORA-RoI (Register of Information) is a service available for all financial entities where we apply our expertise and tools to your third-party provider agreements to create your Register of Information, using the current and official DORA templates.

 

Our many years of outsource contracting expertise plus our deep knowledge of DORA ensures a Functional, Fast and affordable service.

 

Our DORA-RoI service may be of particular use if you are seeking to have your RoI templates ready for the end of August 2024 DORA RoI Dry Run programme, or to meet your January 2025 deadline.

​

Clients recognise the value of us working alongside 'big brand' and other firms who are providing existing DORA and resilience services.

​

See the DORA-RoI Starter Product in our DORA Shop to set up your NDA, create your Statement of Work obtain expert assistance on your RoI project to help you meet your looming deadlines.  

DORA-COMP Service Catalogue for entities (FS firms and Third-Party Providers) 

DORA-TPP Service Catalogue for contract / agreement compliance assessment

DORA-CFX (Conformance) Service Catalogue for entities (FS firms and TPPs) plus other organisations that are not subject to DORA Regulations 

Feel free to contact me on UK 07887 932657 (during office hours) for an informal discussion on the above, or any points on DORA Regulation, Compliance, register of information and DORA Conformance.  My email is mboyle@doracompliant.com.

bottom of page