T300 · Cat-22 · DORA & Operational Resilience · ICT Risk Gap Analysis

DORA ICT Risk Management Gap Analyser

Score your institution's ICT risk management maturity across all five DORA pillars (0–4 per pillar). Composite score /100, pillar heatmap, and prioritised remediation table. Policy Mandate JSON and Markdown gap report export. Client-side. Zero PII.

Policy Mandate Export v1.0
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. Embedded rates, thresholds, and regulatory citations are static reference values that may age — verify against current primary sources and your own data before relying on any output for commercial, legal, or compliance decisions. Deterministic logic · no inference · zero PII · CC BY 4.0.
Educational Use Only This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.
Pillar Maturity Assessment (0 = Initial, 4 = Optimised)
Pillar I — ICT Risk Management2
Art. 5–16 DORA · Governance, risk framework, ICT strategy
Developing — Risk management documented but controls not consistently applied.
Pillar II — Incident Management1
Art. 17–23 DORA · Classification, reporting, RTS 2024/1772
Initial — Incident management ad hoc; 4-hour reporting capability not established.
Pillar III — Resilience Testing2
Art. 24–27 DORA · Vulnerability scans, TLPT, TIBER-EU
Developing — Basic vulnerability assessments conducted; no TLPT schedule.
Pillar IV — Third-Party Risk1
Art. 28–44 DORA · RoI, CIF tiers, CTPP oversight
Initial — ICT provider inventory incomplete; Art. 30 contract clauses not validated.
Pillar V — Information Sharing3
Art. 45 DORA · Threat intelligence, information sharing
Managed — Active participation in at least one information sharing arrangement.
/ 100

Pillar Heatmap
Remediation Priorities
PriorityPillarGap AreaArticle