DORA · ICT RISK MANAGEMENT

Score your DORA evidence readiness before the auditor does.

DORA asks you to prove which ICT risks are material to operational resilience — not that you have a security program. This template walks you, pillar by pillar, through the evidence a reviewer expects, and shows you exactly where your gaps are.

A tidy backlog isn't proof of resilience.

Get the DORA self-assessment template

A free, fillable 8-page template to score your ICT risk evidence across all five DORA pillars.

What we validate:

Execution of recent npm, Shai-Hulud and TeamPCP-related code paths.

Credential exposure (tokens, env, CI secrets).

Persistence or follow-on activity.

Runtime reachability and exploitability.

WHAT'S INSIDE

A pillar-by-pillar dry run of your next DORA review. Here's what's inside:

Self-assessment questions across all five DORA pillars

A four-level maturity scale to score each pillar

'Evidence available today' and 'largest gap' fields per pillar

A summary, priority-action grid, and a 30-day pilot

Fill it in before your next internal audit — recording the evidence you can produce today, not the policy that says it should exist.

Get the DORA self-assessment template

Score your DORA evidence across all five pillars in about 20 minutes — and see exactly where your gaps are.