T300 · Cat-22 · DORA & Operational Resilience · ICT Risk Gap Analysis

DORA ICT Risk Management Gap Analyser

Score your institution's ICT risk management maturity across all five DORA pillars (0–4 per pillar). Composite score /100, pillar heatmap, and prioritised remediation table. Policy Mandate JSON and Markdown gap report export. Client-side. Zero PII.

Policy Mandate Export Client-Side. Zero PII.
Last Reviewed 2025-05-01 · EU 2022/2554 Art. 5–16
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Educational Use Only This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.
Pillar Maturity Assessment (0 = Initial, 4 = Optimised)
Pillar I — ICT Risk Management2
Art. 5–16 DORA · Governance, risk framework, ICT strategy
Developing — Risk management documented but controls not consistently applied.
Pillar II — Incident Management1
Art. 17–23 DORA · Classification, reporting, RTS 2024/1772
Initial — Incident management ad hoc; 4-hour reporting capability not established.
Pillar III — Resilience Testing2
Art. 24–27 DORA · Vulnerability scans, TLPT, TIBER-EU
Developing — Basic vulnerability assessments conducted; no TLPT schedule.
Pillar IV — Third-Party Risk1
Art. 28–44 DORA · RoI, CIF tiers, CTPP oversight
Initial — ICT provider inventory incomplete; Art. 30 contract clauses not validated.
Pillar V — Information Sharing3
Art. 45 DORA · Threat intelligence, information sharing
Managed — Active participation in at least one information sharing arrangement.
ICT Risk Gap Analysis

Set each pillar's maturity score using the sliders (0 = Initial, 4 = Optimised) and click “Run Gap Analysis” to generate your DORA maturity scorecard, heatmap, and remediation priority table.