At Trausta, we recently completed a comprehensive Digital Operational Resilience Act (DORA) assessment for one of our customers. The exercise was both a validation of the customer’s strong maturity level and an important milestone in refining our own DORA assessment methodology.

Scope and Approach

The assessment focused on evaluating the organization’s alignment with DORA and the associated Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) across the key pillars of digital operational resilience:

  • ICT Risk Management framework
  • Governance structures
  • ICT-related incident management processes
  • Digital operational resilience testing programs
  • Management of ICT third-party risk

Our methodology combined documentation review, on-site interviews, and technical control verification. This allowed us to assess not only the design but also the operational effectiveness of policies, procedures, and technical safeguards.

Customer Maturity and Key Findings

The assessment confirmed a good overall maturity level; however, one notable finding concerned the penetration testing methodology, which needed enhancement to align with the TIBER-EU framework. This matters under DORA because the threat-led penetration testing (TLPT) that DORA requires for financial entities in scope is built on TIBER-EU: testing must simulate advanced, real-world threats against live production systems, under strict governance and with independent providers.

Strengthening Our Ecosystem

Addressing this finding also helped us sharpen our own methodology. We recognized that delivering TIBER-EU-aligned testing requires specialized expertise in targeted threat intelligence and threat-led red teaming, as well as clear separation between the threat intelligence provider, the red team provider, and the tested organization to avoid any conflict of interest.

To achieve this, Trausta formed strong partnerships with:

  • AmonSul – experts in high-level threat intelligence
  • Tenendo – specialists in threat-led red teaming

Together, we now act as a one-stop shop for DORA compliance, providing end-to-end services covering ICT risk management, resilience testing, and ICT third-party risk management.

Lessons Learned and Value Created

This engagement also helped us internally:

  • We structured and deepened our knowledge of DORA and its RTS and ITS
  • We streamlined our assessment methodology
  • We created reusable reporting templates, questionnaires, and regulatory mappings (e.g., between DORA and other frameworks, such as PCI DSS)

The outcome was not just a successful customer project but also a significant step in making our DORA services more efficient, consistent, and scalable. With this engagement, Trausta has taken another step forward in supporting organizations on their journey toward sustainable DORA compliance.

Need Assistance?

If you need any help while preparing for your DORA assessment or have any questions, please don’t hesitate to reach out to our team at Trausta. We’re here to ensure a smooth and secure compliance process.