
Practical Guides for Financial Institutions

Translate regulatory requirements into verifiable measures, evidence and management decisions.

Not a GRC tool, but a structured workspace with practical guides, document templates and methodology for converting regulatory changes in the financial sector into target states, test programmes, evidence packs and maturity assessments while staying auditable.

Operationalize DORA

From ICT risk management to incident management to third-party risks: transform requirements into actionable control and evidence logic.

Learn more

Integrate MaRisk Seamlessly

Interlock governance, outsourcing management, risk control and internal audit with DORA and information security requirements.

Learn more

Use ISO 27001 as Control Anchor

Leverage ISO/IEC 27001:2022 as international reference for management system, controls, evidence and continuous improvement.

Learn more

Manage Cyber Risk

12 control objectives for systematic cyber security — from identification through protection and detection to response and recovery. Fully aligned with DORA and ISO 27001.

Learn more

Implementation Logic

For management, compliance, IT security and audit.

The platform is not a news site, but a structured workspace for target states, measures, evidence and review status.

Target States

Clear target states for processes, controls, roles and evidence.

Measures

Practical implementation steps instead of abstract standard reproduction.

Evidence

Examples of documentation, reports, audit trails and committee documents.

Review Status

Manage drafts, review needs, approvals and publication status separately.

Regulatory Radar

What's important this week?

Regulatory signals from the current calendar week that affect DORA, MaRisk, EBA, BaFin, Third-Party Risk, Information Register and Evidence.

Current Regulatory Signals

Low EIOPA

EIOPA RFR Technical Documentation published (applicable from 30 January 2027)

On 26 May 2026, EIOPA published the technical documentation for the risk-free rate (RFR), which is applicable from 30 January 2027. The documentation sets out the method for determining the risk-free interest rate term structures for the Solvency II calculation of technical provisions. For institutions with an insurance subsidiary or mixed activities, changes to the yield curve methodology are relevant for capital planning.

EIOPA

26.05.2026

2026 Priority Modules

Especially relevant for financial institutions in 2026

These modules address the specific requirements and challenges facing financial institutions in 2026.

DORA Test Programme

Operationalization of the risk-based testing programme according to Art. 24/25 DORA with 12 test types, protection needs model and 36-month cycle.

Go to Test Programme

Information Register Readiness

Preparation for the annual DORA information register submission with data quality checks, error logs and management approval.

Check Readiness

ICT Third-Party Risk

Management of ICT third-party relationships including due diligence, contractual requirements, monitoring and concentration risks.

Go to Third-Party Risk

Third-Party Risk 2026

Extension of Third-Party Risk Management to non-ICT services according to EBA consultation with Single Register concept.

Go to Third-Party Risk

MaRisk Impact

Analysis of the impact of the 9th MaRisk amendment on institution-specific risk management and integration with DORA requirements.

Go to MaRisk

Evidence & Maturity

Linking evidence and maturity with test programme, information register and regulatory radar for comprehensive management reporting.

Go to Evidence & Maturity

Role Paths

Guided navigation for different roles in the financial institution

Each role receives its own entry points, relevant modules and recommended working methods for its responsibilities.

Executive Board

Key question: How do we ensure our ICT resilience meets regulatory requirements and protects our business?

Relevant modules: DORA Test Programme, Information Register Readiness, MaRisk Impact, Evidence & Maturity
Recommended entry: DORA Test Programme

Compliance

Key question: How do we ensure the timely and complete submission of all regulatory reports?

Relevant modules: Information Register Readiness, DORA Test Programme, Third-Party Risk 2026, MaRisk Impact
Recommended entry: Information Register Readiness

IT Security

Key question: How do we ensure our ICT systems are adequately protected?

Relevant modules: Cyber Risk, ICT Risk Management, DORA Test Programme, Evidence & Maturity
Recommended entry: ICT Risk Management

ICT Risk Management

Key question: How do we effectively identify, assess and manage ICT risks?

Relevant modules: ICT Risk Management, DORA Test Programme, Third-Party Risk, Evidence & Maturity
Recommended entry: ICT Risk Management

Third-Party Risk / Outsourcing Management

Key question: How do we manage the risks from our ICT third-party relationships?

Relevant modules: Third-Party Risk 2026, ICT Third-Party Risk, DORA Test Programme, Evidence & Maturity
Recommended entry: Third-Party Risk

Internal Audit

Key question: How do we evaluate the effectiveness of our ICT resilience measures?

Relevant modules: Evidence & Maturity, DORA Test Programme, Information Register Readiness, MaRisk Impact
Recommended entry: Evidence & Maturity

Reporting / Information Register

Key question: How do we ensure our information register data is correct and complete?

Relevant modules: Information Register Readiness, DORA Test Programme, Third-Party Risk 2026, Evidence & Maturity
Recommended entry: Information Register Readiness

Departments with Critical or Important Functions

Key question: How do we identify our critical or important functions?

Relevant modules: DORA Test Programme, Critical or Important Functions, ICT Risk Management, Evidence & Maturity
Recommended entry: Critical or Important Functions