Getting ready for DORA: download our practical guide

DORA is the gamechanger in cybersecurity you can't ignore, even if you might be tempted to do so... But where to get started on this new EU directive for the financial sector??

... > DORA > Getting ready for DORA: download our practical guide

Your ultimate DORA Guide - All you need to get started

As the DORA deadline approaches, our customers are asking us more questions about this regulation. Maybe you're facing this too. Our ultimate guide to DORA is full of practical tips from our cybersecurity experts, to help you get started.

Questions our customers ask about DORA

  • Does DORA apply to my organization?
  • Which cybersecurity measures does DORA request for my company and what does that mean in practice?
  • What are penalties for non-compliance?
  • My organization is ISO 27001 certified: does that mean we are ready for DORA?
  • Where do I start to reach DORA compliance?

Read all about it in our in-depth DORA guide.

Image in image block

Download your ultimate DORA Guide

Discover your best next steps for DORA. Please enter your name, email and company to download your DORA Guide immediately:

Quote by

Anne de Nies

Manager Financial Market Group


‘Digital resilience is already important within the financial sector. But DORA focuses on the entire financial system, including critical suppliers. This means this legislation is going to have an impact on your organization. We hope this document helps you on your way to DORA compliance.’

What is DORA?

The Digital Operational Resilience Act, or DORA, is a European directive focused on digital resilience within the financial sector. DORA places obligations on financial organizations. The directive goes into effect on January 17, 2025.

Quote by

Jelmer Noordam

Cybersecurity Consultant

Partner in Compliance

‘Manuals and risk frameworks are a good complement to the DORA, but being compliant with these standards does not automatically make you compliant with DORA.’

What are the most important requirements of DORA?

DORA’s obligations can be roughly divided into five groups, says Jelmer Noordam of Partner in Compliance: ‘The first is risk management. In an ongoing cycle, risks, vulnerabilities and threats must be identified in order to implement targeted policies and measures.’

In addition, DORA has requirements around testing and auditing, for example, annual pen testing and triennial Threat Lead Penentration Testing. DORA also requires monitoring of ICT service providers and up-to-date ICT incident management. Finally, there are new expectations around information sharing.

The aspect of information exchange will involve new processes, says Noordam: ‘For example, the mandatory reporting of serious ICT incidents. But the law also opens up the possibility of communication exchange within the sector. This can include knowledge about incidents, hacking attempts, information about the threat picture and tips and advice to improve cybersecurity policies.’



One of the reasons for DORA is the increase in cyber attacks via suppliers, says Anne de Nies, Manager Financial Market Group at Secura: ‘Cyber criminals do not only look at how secure an organization is, they look mainly at the easiest route. If a financial institution itself is well secured, then a third party with access is a logical route to attack.’ This means that DORA mandates chain security measures, among other things.


Discover your best next steps for DORA. Please enter your name, email and company to receive the DORA Guide immediately:



The Digital Operational Resilience Act comes into effect on January 17th, 2025. Don't wait any longer and start taking action today.