Drawbridge | DORA Preparation Checklist

Get the checklist

Download the DORA Preparation Checklist for a high-level guide to help you prepare for the Digital Operational Resilience Act (DORA). The compliance deadline is January 17, 2025.

Fill out the form below to get the PDF.

For a personalized session to review the DORA Preparation Checklist with your firm, click the button below to contact us.

We’ll reach out to schedule a free 30-minute review.

What’s Included

Policies and procedures, staff awareness training, internal controls, governance, reporting, and the protections around personally identifiable information are included in DORA.

The DORA Preparation Checklist covers what is outlined in the EU regulation, including:

Information and Communication Technology (ICT) Risk Management includes continuous evaluation of cybersecurity policies, identifying critical function gaps, and improving strategies ensures robust protection for ICT assets and offline infrastructure.

Under DORA, firms must assess reporting capabilities, classify Information and Communication Technology (ICT) incidents, and streamline processes to ensure efficient incident identification and reporting.

Conduct diverse tests—vulnerability assessments, penetration tests, scenario-based tests—to meet compliance ahead of the deadline, ensuring independence and risk mitigation.

Engage with third parties to assess and enhance risk management practices, ensuring security of internal and external systems for operational resilience.

Start sharing threat information now—DORA encourages collaboration among financial entities and regulators. Join organizations like FS-ISAC, CiSP, or connect directly through Drawbridge.

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	1 hour	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	6 months	Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
hubspotutk	6 months	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
trackalyzer	1 year	Leadlander sets this cookie to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.

DORA Preparation Checklist

Get the checklist

For a personalized session to review the DORA Preparation Checklist with your firm, click the button below to contact us.

We’ll reach out to schedule a free 30-minute review.

What’s Included

ICT Risk Management

ICT-related Incident Management

Digital Operational Resilience Testing

ICT Third-Party Risk Management

Information Sharing