Digital Operational Resilience Testing (part of DORA)

DORA Testing

As a financial institution, you must comply with the Digital Operational Resilience Act (DORA) by January 2025. A big part of this DORA framework is planning and performing tests of your digital operational resilience.

Secura has extensive experience with DORA-related tests. We can help you define and update your test program in such a way that it complies with DORA.

The Secura DORA program

  • Risk based approach: A yearly threat modeling workshop as a basis for the program. All tests and assessments use the outcomes of this workshop to ensure that actual and specific risks define the test program.

  • Yearly penetration test on your critical ICT infrastructure. These are scenario bases, where the threat modeling outcomes define the scenario.

  • Threat Led Penetration Test (TLPT) in an Advanced Red Teaming (ART), which includes physical access review and ICT third party assessments.

  • Defining an automated test plan, which includes vulnerability scanning, compatibility testing, performance and end-to-end testing.

  • Application testing, including source code reviews, which connect to your Software Development Lifecycle.

The Secura DORA program is a modular program. You can choose the modules relevant for your situation.

White paper thumnail DORA

Read more: A summary of the new DORA regulation, 9 questions and answers about the Digital Operational Resilience Act.

Next Steps: Becoming Compliant

Would you like to know more about the DORA framework and how Secura can help you comply with this framework? Please contact us and we will get back to you within one working day.