Question 1

Does DoraAudit replace a lawyer?

Accepted Answer

No. DoraAudit is a pre-check tool that identifies gaps before a lawyer reviews. You save lawyer hours where everything is already in order.

Question 2

How accurate is the analysis?

Accepted Answer

Analysis is based on official DORA Art. 30 text and Financial Supervisory Authority guidelines. AI-powered system checks 8 core requirements and provides specific recommendations.

Question 3

Is my data secure?

Accepted Answer

Contract content is processed in real-time and not stored on the server. Data stays in your browser. Self-hosted variant is available for enterprise clients.

Question 4

Who is behind DoraAudit?

Accepted Answer

Doraaudit, Tallinn. The team combines financial sector regulatory knowledge with software development experience.

Question 5

What is the Evidence Gap Analyzer?

Accepted Answer

Evidence Gap Analyzer is a tool that maps your uploaded compliance documents against DORA requirements and identifies specific evidence gaps, missing controls, and remediation priorities.

DORA Article	Requirement	ISO 27001	NIS2
Art. 5	ICT risk management framework and governance	✓ Full	✓ Full
Art. 6(1)	Identification and classification of ICT systems, protocols and tools	✓ Full	◐ Partial
Art. 6(8)	Regular review and audit of ICT risk management framework	✓ Full	◐ Partial
Art. 7	ICT systems, protocols and tools must be kept up to date and secure	✓ Full	◐ Partial
Art. 8	ICT business impact analysis and risk assessment	✓ Full	✓ Full
Art. 9	Protection and prevention measures for ICT systems	✓ Full	✓ Full
Art. 10	ICT incident detection and discovery	✓ Full	✓ Full
Art. 11	ICT business continuity policy and plans	✓ Full	✓ Full
Art. 12	Backup and restoration policies for ICT services	✓ Full	✓ Full

DORA Article	Requirement	ISO 27001	NIS2
Art. 17	ICT incident management process	✓ Full	✓ Full
Art. 18	Classification of ICT incidents	◐ Partial	✓ Full
Art. 19	Reporting major ICT incidents to competent authorities	◐ Partial	✓ Full
Art. 20	Content and templates for incident reporting	✗ None	✓ Full
Art. 13	Learning and evolving from ICT incidents	✓ Full	◐ Partial
Art. 14	Communication about ICT incidents	◐ Partial	✓ Full

DORA Article	Requirement	ISO 27001	NIS2
Art. 24	General requirements for digital operational resilience testing	◐ Partial	◐ Partial
Art. 25	Testing of ICT tools and systems	◐ Partial	◐ Partial
Art. 26	Advanced threat-led penetration testing (TLPT)	✗ None	✗ None
Art. 27	Requirements for TLPT testers	✗ None	— N/A

DORA Article	Requirement	ISO 27001	NIS2
Art. 28	General principles for managing ICT third-party risk	✓ Full	✓ Full
Art. 29	Contractual arrangements for ICT services	◐ Partial	◐ Partial
Art. 30	Critical contractual provisions for ICT services	◐ Partial	✗ None
Art. 31	Oversight framework for critical ICT third-party service providers	✗ None	✗ None

DORA Article	Requirement	ISO 27001	NIS2
Art. 45	Cyber threat intelligence sharing arrangements	◐ Partial	✓ Full
Art. 45(2)	Information exchange through trusted communities	◐ Partial	✓ Full

Multi-Framework Compliance Mapping

Select Frameworks

Coverage Calculator

1 ICT Risk Management

2 Incident Management

3 Resilience Testing

4 Third-Party Risk

5 Information Sharing

Legend

Start Your DORA Compliance Assessment