DORA
Skill packages tagged with “DORA”
Cross-Compliance Matrix
Produce a unified multi-framework compliance matrix mapping controls across ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, GDPR, NIS2/DORA, and NIST 800-53/CMMC. Scores coverage per framework, identifies gaps, and prioritizes remediation by cross-framework benefit and regulatory severity.
Cyber Threat Information Sharing (DORA Art. 45)
Draft information sharing arrangements for exchanging cyber threat intelligence per DORA Art. 45, covering participation agreements, data protection safeguards, sharing protocols (TLP, STIX/TAXII), and governance.
Digital Operational Resilience Testing Program (DORA)
Design the resilience testing program required by DORA Arts. 24-27, covering basic testing (vulnerability assessments, penetration testing, scenario-based tests) and advanced TLPT for significant entities per RTS 2025/1190.
DORA Capability Assessment
Draft and maintain the DORA (DevOps Research and Assessment) capability assessment document: technical and cultural capabilities that drive delivery performance, with evidence and maturity per capability, linked to the four key metrics.
DORA Gap Assessment
Conduct a comprehensive gap assessment against all five DORA pillars: ICT risk management, incident management, resilience testing, third-party risk, and information sharing. Produces a scored compliance posture and prioritized remediation roadmap.
DORA ICT Incident Classification & Reporting
Classify ICT incidents using DORA RTS 2024/1772 criteria and produce initial, intermediate, and final notification reports per ITS 2025/302 templates for submission to competent authorities.
DORA Information Register (ICT Third-Party Arrangements)
Create and maintain the Register of Information on ICT third-party service arrangements required by DORA Art. 28(3) and ITS 2024/2956. Covers entity identification, TPP data, contractual arrangements, function mapping, sub-outsourcing chains, and ICT concentration risk assessment.
DORA Metrics Narrative
Draft and maintain the DORA (DevOps Research and Assessment) four key metrics narrative: deployment frequency, lead time for changes, MTTR, and change fail rate. Covers current state, targets, trends, and measurement approach.
DORA Policy Generator
Generate the complete set of policies required by DORA from organizational context. Covers ICT security, risk management, incident management, business continuity, third-party risk, access control, encryption, and more.
ICT Business Continuity & Disaster Recovery (DORA)
Draft the ICT business continuity policy and disaster recovery plan required by DORA Articles 11-12, covering recovery objectives, switchover procedures, backup policies, continuity testing, and crisis management.
ICT Contractual Provisions (DORA Art. 30)
Draft and review contractual provisions for ICT service provider agreements per DORA Art. 30, covering general requirements, enhanced provisions for critical functions, sub-outsourcing, audit rights, data location, and exit strategies.
ICT Risk Management Framework (DORA)
Draft the complete ICT risk management framework required by the EU Digital Operational Resilience Act (DORA), covering governance, asset identification, protection, detection, response, recovery, and continuous improvement per Articles 5-16 and RTS 2024/1774.
ICT Subcontracting Oversight (DORA)
Draft the ICT subcontracting oversight framework per DORA and RTS 2025/0532, covering conditions for sub-outsourcing critical functions, notification and approval processes, concentration risk, and monitoring.
ICT Third-Party Risk Policy (DORA)
Draft the ICT third-party risk management policy required by DORA Art. 28 and RTS 2024/1773, covering strategy, due diligence, contractual provisions (Art. 30), monitoring, exit planning, concentration risk, and sub-outsourcing governance.
Management Body ICT Risk Report (DORA)
Draft periodic ICT risk reports for the management body per DORA Art. 5, covering risk posture, incidents, resilience testing, third-party risk, compliance status, and budget allocation.