DORA ICT TPRM • defensible outputs • fixed timelines

DORA-aligned supplier risk assessment

Expert-led supplier assessment aligned with the EU Digital Operational Resilience Act (DORA) for ICT and critical third-party providers.

Free Essential OSINT screening for registered corporate accounts (non-public email domains).

  • Focused on DORA-relevant supplier controls (security, resilience, governance)
  • Human review of supplier answers & evidence — not AI-only
  • Clear scope and boundaries to keep delivery predictable

How the DORA assessment works

One supplier, one DORA use case (preset). Start with OSINT, then add supplier evidence when needed.

Step 1

Run Essential OSINT screening

Quick public-source signals to identify obvious supplier risk early.

Step 2

Collect supplier inputs

Supplier completes structured questionnaires and provides supporting evidence relevant to DORA.

Step 3

Receive a defensible output

Expert-reviewed findings, clear scope, and a board-ready summary to document DORA TPRM decisions.

Pricing plans

DORA preset pricing (excl. VAT). Each order covers one supplier and one DORA use case (preset). The scope is fixed and cannot be extended with additional modules.

DORA preset has a fixed scope (no extra modules). Custom assessments are priced per module.

VAT is applied based on customer location and VAT status. EU business customers with a valid VAT ID are typically charged 0% VAT under reverse charge.

Essential

Automated OSINT Screening

Best for: quick initial checks, lead qualification, early‑stage supplier screening

Price: Free

(registered corporate accounts only)

  • Automated company background check (public sources only)
  • Public security & privacy signals
  • High‑level risk indicators
Discuss DORA screening

Learn more about Essential (FAQ & limitations) →

Advanced (L2)

DORA Supplier Assessment

Best for: DORA-aligned ICT third-party risk assessment for suppliers that are important but not requiring audit-like depth

Price: €2,500 (excl. VAT)

Target delivery: 5–7 business days (after required inputs are received)

  • DORA preset coverage across core domains (security, resilience, governance, regulatory practices)
  • Structured supplier questionnaire + evidence collection
  • Expert review of answers & evidence (manual validation)
  • 1 clarification round (follow-ups)
  • Written findings (HTML/DOCX) + board-ready summary
Discuss DORA Advanced scopeThe next step depends on your status: new users register, signed-out users sign in, unpaid assessments continue to review and payment, and already paid assessments continue directly.
In-Depth (L3)

DORA Audit-Like Assessment

Best for: critical ICT and third-party providers where deeper evidence review and stronger decision support are required

Price: €4,000 (excl. VAT)

Target delivery: 10–15 business days (after required inputs are received)

  • Everything in Advanced (L2), plus audit-style evidence review and control-level findings
  • Supplier interview (60–90 minutes) + evidence walkthrough (what exists, what is missing)
  • Up to 2 clarification rounds (follow-ups) + tracked evidence gaps within defined scope
  • Traceable DORA risk narrative for defensible decisions (not certification / not assurance)
  • Written findings (HTML/DOCX) + decision-ready summary pack
  • Internal governance reuse focus (clear evidence trail within defined scope)
Request DORA In-Depth consultationThe next step depends on your status: new users register, signed-out users sign in, unpaid assessments continue to review and payment, and already paid assessments continue directly.

What you pay for in the DORA Advanced (L2) plan

A defensible DORA-oriented decision summary — not more data.

  • DORA-focused risk narrative (what the supplier risk is, why it matters, and what to do next)
  • Evidence-backed findings (review of supplier responses & supporting materials within defined scope)
  • Clear boundaries: one supplier, one DORA use case; supports decision documentation (not certification)

Supports internal DORA ICT third-party risk management decisions and documentation. The sample report demonstrates DORA-specific mapping (Articles/RTS), supplier criticality context, and traceable evidence-based rationale. It does not constitute a compliance verdict, certification, legal advice, or regulatory assurance.

Discuss DORA Advanced scope Request DORA sample report

What you pay for in the DORA In-depth (L3) assessment

An audit-like, evidence-driven DORA assessment for critical ICT and third-party providers — when stronger internal decision support matters.

  • Audit-like depth (structured, evidence-driven assessment aligned to DORA expectations; suitable for internal governance, escalation, and documented follow-up)
  • Deep evidence review (manual review of supplier-provided documentation and artefacts; relevance, sufficiency, and applicability under DORA scope)
  • Control-level findings (clear conclusions at requirement/control level with explicit rationale — not just high-level scoring)
  • Traceable risk narrative (why the risk matters under DORA; what it means for ICT concentration, resilience, and operational continuity)
  • Defensible decision output (written for senior management escalation and documented internal review; reusable in risk committees and governance follow-up)
  • Clear boundaries: one supplier, one DORA use case (preset). Not certification, not assurance — maximum defensibility within defined scope.

In-depth (L3) is designed for critical suppliers and higher regulatory scrutiny scenarios. Written in a form suitable for documented internal review and governance reuse. It does not constitute legal advice, certification, or regulatory assurance.

Compare plans Request DORA In-Depth consultation

Talk to us

Tell us about your supplier and criticality. We’ll recommend the right assessment level and timeline.

Email

Email us

We typically reply within 1 business day.

Already know what you need?

You can start an assessment flow now — we’ll follow up if scope needs clarification.

Discuss DORA Advanced scope Request DORA In-Depth consultation