top of page
DORA Compliance Bundle — 14 Templates

DORA Compliance Bundle — 14 Templates

€349.00Price

DORA HAS BEEN IN FORCE SINCE 17 JANUARY 2025.

 

Every bank, insurer, investment firm, payment institution and crypto-asset service provider operating in the EU must comply. Supervisory authorities across all 27 member states are actively reviewing ICT risk frameworks, incident reporting processes and third-party contracts. Non-compliance means regulatory action, operational restrictions and fines.

 

This bundle gives you every document you need — for 349 EUR.

 

---

 

WHAT IS INCLUDED — 14 TEMPLATES

 

DORA-01 — ICT Risk Management Policy (Art. 6)

Master framework document covering all five DORA pillars. ICT risk governance, risk appetite, RTO/RPO targets, security control standards and board accountability. The starting point for your entire DORA compliance programme.

 

DORA-02 — ICT Asset Register (Art. 8)

Complete inventory of hardware, software, data and service assets supporting critical and important functions. Includes criticality classification, ownership, location and function mapping. Required for regulatory inspection.

 

DORA-03 — Incident Classification and Reporting Procedure (Art. 17-19)

Three-tier incident classification (Minor / Significant / Major), 8-step incident response procedure, and a pre-structured incident register with full entry template. Covers the mandatory 4-hour major incident reporting trigger.

 

DORA-04 — Major Incident Notification Templates (Art. 19)

Three ready-to-use regulatory notification forms: Initial (4-hour), Intermediate (72-hour) and Final (1-month). Pre-structured to meet RTS requirements. The most time-critical document in the bundle — you need these before an incident happens, not during one.

 

DORA-05 — Digital Operational Resilience Testing Programme (Art. 24-25)

Annual testing calendar covering vulnerability assessments, penetration testing, BCP/DR failover tests, phishing simulations, scenario-based tests and TLPT eligibility assessment. Includes findings remediation tracker.

 

DORA-06 — Business Continuity and Disaster Recovery Plan (Art. 11)

Full BCP and DR plan template with RTO/RPO targets, critical function priority table, incident response team structure, four recovery phases, backup architecture documentation and test record. Must be tested annually.

 

DORA-07 — ICT Third-Party Risk Management Policy (Art. 28-30)

Pre-engagement due diligence framework, ongoing monitoring requirements, exit and substitutability planning, concentration risk thresholds and governance approval matrix. Covers the full Art. 28 third-party risk lifecycle.

 

DORA-08 — ICT Third-Party Service Provider Register (Art. 28(3))

Complete register of all ICT providers with criticality classification, contract status, next review date and detailed provider records. Must be available to the competent authority on request.

 

DORA-09 — Art. 30 Contract Compliance Checklist (Art. 30)

Structured checklist verifying all 11 mandatory Art. 30(2) provisions and additional Art. 30(3) provisions for critical function contracts. Use before signing any new ICT contract and when renewing existing ones.

 

DORA-10 — ICT Risk Assessment Template (Art. 6(5) / Art. 8)

8 pre-populated risk entries covering the most common ICT threats — ransomware, data breach, third-party failure, DDoS, insider threat and more — with likelihood/impact scoring, control assessment and action planning.

 

DORA-11 — Information Security Policy (Art. 9)

Comprehensive security policy covering access control, MFA, encryption, network security, patching, vulnerability management, SIEM, endpoint security, physical security and security awareness training.

 

DORA-12 — Post-Incident Review Template (Art. 17(6))

Structured root cause analysis template with full timeline reconstruction, contributing factor assessment, confirmed impact, what worked well, gaps identified and action plan table. Must be completed within 10 working days.

 

DORA-13 — DORA Readiness Gap Assessment (All Articles)

23-item self-assessment covering all five DORA pillars. Includes compliance scorecard, gap identification, action plan fields and priority ranking. Start here to identify your compliance position.

 

DORA-14 — ICT Governance and Board Reporting Framework (Art. 5)

Documents board responsibilities under DORA Art. 5 and provides the quarterly board ICT risk report template covering incidents, top risks, DORA compliance status, budget and decisions required.

 

---

 

WHO NEEDS THIS

 

Banks and credit institutions — DORA applies in full from 17 January 2025.

Insurance undertakings — direct DORA obligations, plus supply chain pressure from reinsurers.

Investment firms — MiFID-regulated entities are fully in scope.

Payment institutions and e-money institutions — core DORA scope.

Crypto-asset service providers — in scope under DORA from January 2025.

ICT providers to financial entities — Art. 28-44 third-party obligations.

Risk, IT and compliance teams — build your documentation framework without a 50,000 EUR consulting engagement.

 

---

 

WHAT YOU GET

 

14 fully editable Word (.docx) templates

Every template mapped to specific DORA articles

Covers all five DORA pillars

Structured for board approval and regulatory inspection

Incident notification templates ready to use on day one

Instant ZIP download after purchase

30-day satisfaction guarantee

 

Note: These are policy framework templates. They do not constitute legal or regulatory advice. Confirm your specific DORA obligations with a qualified legal advisor.

    bottom of page