DORA is an EU regulation that seeks to increase the resilience of financial entities and the organisations that provide them with IT services.
DORA stipulates that those subject to the Act provide suitable assurance of their compliance via third-party testing. Our penetration testing service, designed for continual improvement and resilience against evolving cyber threats, is intended as an ongoing service. It is a subscription service, offering various tests over time and available for multi-year engagements. This ensures the ongoing strengthening of your systems while maintaining your compliance with DORA.
We will provide a range of technical assessments that give confidence in your cyber security and meet the resilience testing requirements of DORA. The service covers:
As part of the testing process, you will receive reports that identify your vulnerabilities and provide remediation advice. These will include high-level and non-technical summaries, a detailed description of the methodologies used for testing, and a consultant’s commentary with details of each technical vulnerability found.
Download the full service description
The tests follow IT Governance’s proprietary security testing methodology, which is closely aligned with the SANS and OSSTMM (Open Source Security Testing Methodology Manual) methodologies. They include:
Component | Silver service | Gold service |
---|---|---|
Vulnerability scanning | x | x |
External penetration testing | x | x |
Web application testing | x | x |
Phishing assessment | x | |
Open-source intelligence gathering | x | |
Scenario-based testing | x |
This service applies to any organisation that is subject to DORA requirements. The services provided depend on the scope and size of the contracted service. Organisations with requirements that do not exactly fit the categories in this document should contact us about a custom service.
Our penetration test is meticulously designed to align with the rigorous standards set by DORA, giving you peace of mind.
Identify and understand the technology-related vulnerabilities affecting your infrastructure and the business impacts these present.
Demonstrate a strong security posture to clients by providing third-party assurances that your wireless network is secure.
From the detailed report, you will be able to implement secure measures, thereby reducing the likelihood of a security breach while protecting your brand and complying with DORA.
Our expert consultant will provide you with updates throughout your project from both technical and non-technical perspectives.
Our established European penetration testing team has amassed extensive testing experience that ensures clients receive a comprehensive service.